


Perceptive Security
SOC/SIEM Consultancy

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS command…
Published:
29 April 2026 at 22:00:00
Alert date:
30 April 2026 at 15:02:17
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies
Pallets Click versions 8.3.2 and below contain a command injection vulnerability in the click.edit() function. This security flaw allows attackers to execute arbitrary OS commands from an unprivileged account. The vulnerability affects the popular Python CLI library used by many applications. A fix is available in version 8.3.3. Organizations using affected versions should upgrade immediately to prevent potential exploitation.
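To find where the upgrade is needed, the following added example (not code from Pallets, NVD or Perceptive) flags exact `click` pins at 8.3.2 or below in requirements-style lines and checks the Click installed in the current environment. The sample lines and all function names are constructed for illustration, and pre-release suffixes are ignored as a simplifying assumption.

```python
import re
from importlib import metadata

FIXED = (8, 3, 3)  # first fixed Click release named in this advisory

# Constructed sample input (not taken from any real project).
SAMPLE_REQUIREMENTS = [
    "requests==2.32.3",
    "click==8.3.2",
    "click-plugins==1.1.1",
    "click==8.3.3  # fixed release",
    "Click==8.1.7 ; python_version >= '3.8'",
]

# Matches exact pins of the "click" distribution only (optional extras allowed).
PIN = re.compile(r"^\s*click\s*(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)", re.I)

def parse_version(text):
    """Return the numeric release as a 3-tuple; suffixes such as 'rc1' are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if match is None:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = tuple(int(p) for p in match.group().split("."))
    return (parts + (0, 0, 0))[:3]

def is_affected(version):
    """True when the version is 8.3.2 or below, i.e. older than the 8.3.3 fix."""
    return parse_version(version) < FIXED

def scan_requirements(lines):
    """Return (line_number, version) for every affected exact pin of click."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = PIN.match(line)
        if match and is_affected(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

def installed_click_affected():
    """True/False for the Click in this environment, None if it is not installed."""
    try:
        return is_affected(metadata.version("click"))
    except metadata.PackageNotFoundError:
        return None

if __name__ == "__main__":
    print("affected pins:", scan_requirements(SAMPLE_REQUIREMENTS))
    print("installed Click affected:", installed_click_affected())
```

Only exact `==` pins are evaluated; range specifiers such as `>=8.0` can still resolve to an affected release and need a check against the resolved lock file or the installed environment.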
Affected products:
Pallets Click
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7246
https://github.com/pallets/click/releases/tag/8.3.3
https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw
This article was created with the assistance of AI technology by Perceptive.
