Vulnerability Details CVE-2026-7246
Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.3%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2026-7246
-
cpe:2.3:a:palletsprojects:click:0.1
-
cpe:2.3:a:palletsprojects:click:0.2
-
cpe:2.3:a:palletsprojects:click:0.3
-
cpe:2.3:a:palletsprojects:click:0.4
-
cpe:2.3:a:palletsprojects:click:0.5
-
cpe:2.3:a:palletsprojects:click:0.5.1
-
cpe:2.3:a:palletsprojects:click:0.6
-
cpe:2.3:a:palletsprojects:click:0.7
-
cpe:2.3:a:palletsprojects:click:1.0
-
cpe:2.3:a:palletsprojects:click:1.1
-
cpe:2.3:a:palletsprojects:click:1.x
-
cpe:2.3:a:palletsprojects:click:2.0
-
cpe:2.3:a:palletsprojects:click:2.1
-
cpe:2.3:a:palletsprojects:click:2.2
-
cpe:2.3:a:palletsprojects:click:2.4
-
cpe:2.3:a:palletsprojects:click:2.5
-
cpe:2.3:a:palletsprojects:click:2.6
-
cpe:2.3:a:palletsprojects:click:2.x
-
cpe:2.3:a:palletsprojects:click:3.0
-
cpe:2.3:a:palletsprojects:click:3.1
-
cpe:2.3:a:palletsprojects:click:3.2
-
cpe:2.3:a:palletsprojects:click:3.3
-
cpe:2.3:a:palletsprojects:click:3.x
-
cpe:2.3:a:palletsprojects:click:4.0
-
cpe:2.3:a:palletsprojects:click:4.1
-
cpe:2.3:a:palletsprojects:click:4.x
-
cpe:2.3:a:palletsprojects:click:5.0
-
cpe:2.3:a:palletsprojects:click:5.1
-
cpe:2.3:a:palletsprojects:click:5.x
-
cpe:2.3:a:palletsprojects:click:6.0
-
cpe:2.3:a:palletsprojects:click:6.1
-
cpe:2.3:a:palletsprojects:click:6.2
-
cpe:2.3:a:palletsprojects:click:6.3
-
cpe:2.3:a:palletsprojects:click:6.4
-
cpe:2.3:a:palletsprojects:click:6.5
-
cpe:2.3:a:palletsprojects:click:6.6
-
cpe:2.3:a:palletsprojects:click:6.7
-
cpe:2.3:a:palletsprojects:click:6.x
-
cpe:2.3:a:palletsprojects:click:7.0
-
cpe:2.3:a:palletsprojects:click:7.1
-
cpe:2.3:a:palletsprojects:click:7.1.1
-
cpe:2.3:a:palletsprojects:click:7.1.2
-
cpe:2.3:a:palletsprojects:click:7.x
-
cpe:2.3:a:palletsprojects:click:8.0.0
-
cpe:2.3:a:palletsprojects:click:8.0.1
-
cpe:2.3:a:palletsprojects:click:8.0.2
-
cpe:2.3:a:palletsprojects:click:8.0.3
-
cpe:2.3:a:palletsprojects:click:8.0.4
-
cpe:2.3:a:palletsprojects:click:8.0.x
-
cpe:2.3:a:palletsprojects:click:8.1.0
-
cpe:2.3:a:palletsprojects:click:8.1.1
-
cpe:2.3:a:palletsprojects:click:8.1.2
-
cpe:2.3:a:palletsprojects:click:8.1.3
-
cpe:2.3:a:palletsprojects:click:8.1.4
-
cpe:2.3:a:palletsprojects:click:8.1.5
-
cpe:2.3:a:palletsprojects:click:8.1.6
-
cpe:2.3:a:palletsprojects:click:8.1.7
-
cpe:2.3:a:palletsprojects:click:8.1.8
-
cpe:2.3:a:palletsprojects:click:8.2.0
-
cpe:2.3:a:palletsprojects:click:8.2.1
-
cpe:2.3:a:palletsprojects:click:8.2.2
-
cpe:2.3:a:palletsprojects:click:8.3.0
-
cpe:2.3:a:palletsprojects:click:8.3.1
-
cpe:2.3:a:palletsprojects:click:8.3.2