Ghostwire

CVE-2026-7246: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function,...

HIGH CVSS 7.2

Published: April 30, 2026 | Last Modified: April 30, 2026

Description

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

github.com/pallets/click/releases/tag/8.3.3
github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-h
github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-h