{"schema_version":"1.7.2","id":"OESA-2026-2305","modified":"2026-05-15T14:00:21Z","published":"2026-05-15T14:00:21Z","upstream":["CVE-2026-7246"],"summary":"python-click security update","details":"Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box.\r\n\r\nSecurity Fix(es):\n\nPallets Click, versions 8.3.2 and below, contains a command injection vulnerability in the click.edit() function. The vulnerability allows attackers to inject arbitrary OS commands through unsanitized filename parameters in the click.edit() function. Attackers can exploit this vulnerability to execute malicious commands from an unprivileged account, potentially leading to complete system compromise.(CVE-2026-7246)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"python-click","purl":"pkg:rpm/openEuler/python-click&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1.7-2.oe2403"}]}],"ecosystem_specific":{"noarch":["python-click-help-8.1.7-2.oe2403.noarch.rpm","python3-click-8.1.7-2.oe2403.noarch.rpm"],"src":["python-click-8.1.7-2.oe2403.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2305"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7246"}],"database_specific":{"severity":"High"}}