216.73.217.80

CVE-2026-7246

· Published 30/04/2026 14:16 · Modified 30/04/2026 16:39

Labels: CVE-2026-7246 2026-04-30CVE-2026-7246CWE-77[email protected]

Essential information

Published
30/04/2026 14:16
Modified
30/04/2026 16:39
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS metrics

Description

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

NVD status

Status
Analyzed — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
palletsprojects / click cpe:2.3:a:palletsprojects:click:*:*:*:*:*:*:*:*

References