CLSA-2026-1777891107 python3.11: Fix of CVE-2026-4786
CVE-2026-4786: fix webbrowser %action substitution bypass of the dash-prefix safety check by validating the post-substitution URL and expanding %action before %s in UnixBrowser argument assembly...