Primary

Context

Python CPython Webbrowser Module Leading Dash Vulnerability

Vulnerability

A vulnerability exists in the Python CPython standard library's webbrowser module, specifically in the webbrowser.open() API. This API previously accepted URLs with leading dashes, which could be misinterpreted as command line options by certain web browsers. The issue has been addressed by updating the API to reject leading dashes. Users are advised to sanitize URLs before passing them to webbrowser.open() to prevent potential misinterpretation.

Impact

Exploitation of this vulnerability could lead to unintended command line option handling by web browsers, potentially causing unexpected behavior or security issues.

Remediation

Users are recommended to sanitize URLs before using them with the webbrowser.open() API. The latest version of CPython, which includes this fix, can be downloaded from the official Python website.

Added: Mar 20, 2026, 3:18 PM

Updated: Mar 20, 2026, 3:18 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

8.3

relevance

4.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

8.3

relevance

4.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Python CPython Webbrowser Module Leading Dash Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Python CPython

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating