Vulnerability Details CVE-2026-7246
Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2026-7246
-
cpe:2.3:a:palletsprojects:click:*