Brief Summary: Pallets Click CVE-2026-7246 Command Injection via click.edit() Unsanitized Filenames

A brief summary of CVE-2026-7246, a high severity command injection vulnerability in the Pallets Click library's click.edit() function that allows arbitrary OS command execution through crafted filenames.

CVE Analysis

ZeroPath CVE Analysis

2026-04-30

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

Introduction

A command injection vulnerability in one of Python's most popular CLI libraries quietly turned every application using click.edit() into a potential shell execution vector. Pallets Click, with over 17,400 GitHub stars and deep integration across the Python ecosystem, serves as the backbone for countless command line tools, developer utilities, and automation scripts, making CVE-2026-7246 a vulnerability with broad reach.

Click is the composable command line interface toolkit maintained by the Pallets Project, the same open source organization behind Flask. It is used extensively across the Python ecosystem to build CLI applications, from small developer scripts to production tooling. Its ubiquity means that a vulnerability in a core function like click.edit() has the potential to affect a significant number of downstream projects and environments.

Technical Information

Root Cause

The root cause of CVE-2026-7246 lies in the edit_files() function within the Click library. The vulnerable code path wraps a user supplied filename in double quotes and passes the resulting string directly to subprocess.Popen() with the shell=True parameter enabled. The library only applies double quote wrapping to the filename without escaping internal double quotes or other shell metacharacters. This creates a classic CWE-77 (Command Injection) condition.

When an application constructs a command such as:

<editor> "user_supplied_filename"

the assumption is that the double quotes will safely contain the filename as a single argument. However, because no escaping is performed on the contents of the filename, an attacker can craft a value that breaks out of the quoting context entirely.

Attack Flow

An attacker exploiting this vulnerability would follow these steps:

  1. Identify an application or tool that passes externally influenced filenames to click.edit(). This could be a CLI tool that accepts a filename argument, a web application that triggers an editor session, or a developer tool that opens files from untrusted sources.

  2. Craft a malicious filename that includes shell metacharacters designed to escape the double quote wrapping. For example, a filename like:

     legitimate"; <injected_command>; echo "

  3. When the application calls click.edit() with this filename, the edit_files() function constructs a shell command string. The resulting command passed to subprocess.Popen(shell=True) becomes something like:

     editor "legitimate"; <injected_command>; echo ""

  4. The shell interprets this as three separate statements: the editor command on the truncated filename, the injected command which executes with the privileges of the running process, and a benign echo statement.

  5. The injected command executes on the host system under the context of the unprivileged account running the application.

The Fix in Version 8.3.3

The patch applied in version 8.3.3 fundamentally changes how commands are constructed. The key changes are:

Component  | Previous Vulnerable Behavior           | Updated Secure Behavior
edit_files | Used shell=True with quoted filenames  | Uses shlex.split to create an argv list and removes shell=True
pager      | Relied on shell tokenization           | Uses shlex.split to split pager commands into argv lists

By utilizing shlex.split to tokenize the editor and pager command strings into proper argv lists for subprocess.Popen, and explicitly removing shell=True, the library ensures that filenames are treated strictly as data arguments rather than executable shell code. This is the correct and well established pattern for safe subprocess invocation in Python.
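The two constructions described in the root cause and fix sections side by side, as an added example that is not Click's own code: the unescaped quote-wrapped shell string of the pre-8.3.3 path (built only for comparison, never executed here) and the shlex.split argv-list pattern the fix adopts. The function names, the stand-in editor stub and the constructed filename are assumptions for the demonstration.

```python
from __future__ import annotations

import shlex
import subprocess
import sys


def vulnerable_command_string(editor: str, filename: str) -> str:
    """Pre-8.3.3 shape of the command: the filename is wrapped in double quotes
    but nothing inside it is escaped. Built here only for comparison; this
    string is never handed to a shell in this example."""
    return f'{editor} "{filename}"'


def build_editor_argv(editor: str, filenames: list[str]) -> list[str]:
    """Post-fix shape: shlex.split tokenizes only the operator-configured editor
    string (e.g. 'code --wait'); every filename is appended as its own argv
    element, so with shell=False no shell ever re-parses it."""
    argv = shlex.split(editor)
    if not argv:
        raise ValueError("empty editor command")
    return argv + list(filenames)


def open_in_editor(editor: str, filenames: list[str]) -> int:
    """Run the editor as an argv list; subprocess.run defaults to shell=False."""
    return subprocess.run(build_editor_argv(editor, filenames)).returncode


def argv_seen_by_editor(filename: str) -> list[str]:
    """Check helper: a stand-in 'editor' (a constructed Python one-liner) that
    reports back the exact arguments it received, NUL-separated so every
    character of the filename survives. Returns those arguments as a list."""
    stub = (
        f"{shlex.quote(sys.executable)} -c "
        '"import sys; sys.stdout.write(chr(0).join(sys.argv[1:]))"'
    )
    proc = subprocess.run(
        build_editor_argv(stub, [filename]),
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.split("\0") if proc.stdout else []


# Constructed filename in the shape of the page's example: a closing double
# quote followed by a command separator, then a reopened quote.
HOSTILE_NAME = 'legitimate"; echo injected; echo "'

if __name__ == "__main__":
    print("shell string (pre-fix):", vulnerable_command_string("vim", HOSTILE_NAME))
    print("argv seen by editor (post-fix):", argv_seen_by_editor(HOSTILE_NAME))
```

With the argv-list construction the stand-in editor receives the hostile name as exactly one argument; the same name interpolated into the pre-fix string reproduces the three-statement command shown in the attack flow.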

CVSS and Severity Context

The vulnerability carries a CVSS v3.1 base score of 7.3 (reported as 7.2 in some sources), classified as high severity. The scoring reflects a local attack vector, high complexity, and required user interaction. While the attack vector is local rather than network based, the realistic attack scenarios (supply chain, developer tooling, CLI applications processing external input) make this a meaningful risk in practice.

Affected Systems and Versions

Version Range                                                            | Status
All versions of Pallets Click prior to 8.3.3 (including 8.3.2 and below) | Vulnerable
Version 8.3.3 and later                                                  | Fixed

Any application, tool, or library that depends on Click and uses the click.edit() function with externally influenced filenames is potentially exposed. This includes direct dependencies as well as transitive dependencies where Click is pulled in by another package.

Vendor Security History

The Pallets Project demonstrated a coordinated and responsible approach to handling this vulnerability. The disclosure was coordinated with the CERT Coordination Center, and the vendor successfully integrated the fix into release 8.3.3 prior to the public advisory publication on April 30, 2026. The release was made available on April 22, 2026, giving downstream consumers a window to patch before full details were published.
