CLSA-2026-1777884819 python3.9: Fix of CVE-2026-4786
CVE-2026-4786: fix webbrowser %action substitution bypass of the dash-prefix safety check by validating the post-substitution URL and expanding %action before %s in UnixBrowser argument assembly...