CVE-2026-7246

· NIST NVD ↗

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

HIGH
CVSS severity
7.2
CVSS base score
2026-04-30
Published

CWE codes

CWE-77

Affected products

palletsprojects:click

Sources