CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Palletsprojects: >> Click >> 8.1.7 Security Vulnerabilities

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

CVSS Score

7.2

EPSS Score

0.0

Published

2026-04-30

Page 1

Vulnerabilities

Vulnerable Software

Palletsprojects: >> Click >> 8.1.7 Security Vulnerabilities

Products

Pricing

Contact Us