Multiple CVEs Addressed in Fedora Python3 Updates
Severity: High (Score: 70.5)
Sources: Linuxsecurity
Summary
On April 28, 2026, Fedora released updates for MinGW Windows python3 to address multiple vulnerabilities. The updates include backports for CVE-2026-4786, CVE-2026-6100, CVE-2026-3479, and CVE-2026-1502.
- CVE-2026-4786, published on April 13, allows arbitrary code execution via command injection in the webbrowser.open() API.
- CVE-2026-6100, published on April 13, enables arbitrary code execution or information disclosure through a use-after-free vulnerability in decompression modules.
- CVE-2026-3479, published on March 18, involves a path traversal vulnerability in pkgutil.get_data().
- CVE-2026-1502, published on April 10, allows HTTP header injection via CR/LF in proxy tunnel headers.
Users are advised to install the updates using the 'dnf' update program. The vulnerabilities affect users of MinGW Windows python3 and could lead to serious security breaches if exploited.
Key Points:
- Fedora updates address four critical vulnerabilities in MinGW Windows python3.
- CVE-2026-4786 allows arbitrary code execution via command injection.
- Users are urged to apply the updates immediately to mitigate risks.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2026-1502 (cve)
- CVE-2026-3479 (cve)
- CVE-2026-4786 (cve)
- CVE-2026-6100 (cve)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-22 - Path Traversal (cwe)
- CWE-416 - Use After Free (cwe)
- CWE-78 - OS Command Injection (cwe)
- CWE-94 - Code Injection (cwe)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- Fedora (company)
- MinGW (platform)
- Windows (platform)