Multiple CVEs Addressed in Fedora Python3 Updates

Multiple CVEs Addressed in Fedora Python3 Updates

First seen 28 Apr 2026, 06:34 UTC Linuxsecurity 99% similarity 70.5

Article Content

Browse articles
ThreatCluster

On April 28, 2026, Fedora released updates for MinGW Windows python3 to address multiple vulnerabilities. The updates include backports for CVE-2026-4786, CVE-2026-6100, CVE-2026-3479, and CVE-2026-1502. CVE-2026-4786, published on April 13, allows arbitrary code execution via command injection in the webbrowser.open() API. CVE-2026-6100, published on April 13, enables arbitrary code execution or information disclosure through a use-after-free vulnerability in decompression modules. CVE-2026-3479, published on March 18, involves a path traversal vulnerability in pkgutil.get_data(). CVE-2026-1502, published on April 10, allows HTTP header injection via CR/LF in proxy tunnel headers. Users are advised to install the updates using the 'dnf' update program. The vulnerabilities affect users of MinGW Windows python3 and could lead to serious security breaches if exploited.

Key Points: • Fedora updates address four critical vulnerabilities in MinGW Windows python3. • CVE-2026-4786 allows arbitrary code execution via command injection. • Users are urged to apply the updates immediately to mitigate risks.

ThreatCluster AI

Timeline

2026-03-18
CVE-2026-3479 published
2026-04-10
CVE-2026-1502 published
2026-04-13
CVE-2026-6100 and CVE-2026-4786 published
2026-04-28
Fedora releases updates for python3 addressing multiple CVEs

Community

Browse all →