An update for python-click is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2303 Final 1.0 1.0 2026-05-15 Initial 2026-05-15 2026-05-15 openEuler SA Tool V1.0 2026-05-15 python-click security update An update for python-click is now available for openEuler-24.03-LTS-SP3 Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fix(es): Pallets Click, versions 8.3.2 and below, contains a command injection vulnerability in the click.edit() function. The vulnerability allows attackers to inject arbitrary OS commands through unsanitized filename parameters in the click.edit() function. Attackers can exploit this vulnerability to execute malicious commands from an unprivileged account, potentially leading to complete system compromise.(CVE-2026-7246) An update for python-click is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High python-click https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2303 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7246 https://nvd.nist.gov/vuln/detail/CVE-2026-7246 openEuler-24.03-LTS-SP3 python-click-8.1.7-2.oe2403sp3.src.rpm python-click-help-8.1.7-2.oe2403sp3.noarch.rpm python3-click-8.1.7-2.oe2403sp3.noarch.rpm Pallets Click, versions 8.3.2 and below, contains a command injection vulnerability in the click.edit() function. The vulnerability allows attackers to inject arbitrary OS commands through unsanitized filename parameters in the click.edit() function. Attackers can exploit this vulnerability to execute malicious commands from an unprivileged account, potentially leading to complete system compromise. 2026-05-15 CVE-2026-7246 openEuler-24.03-LTS-SP3 High 7.2 AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H python-click security update 2026-05-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2303