CVE-2026-7246

ADVISORY - nist

Summary

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

EPSS Score: 0.0081 (0.526)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Neutralization of Special Elements used in a Command ('Command Injection')


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in