PT-2026-39666

Name of the Vulnerable Software and Affected Versions urllib3 versions 2.6.0 through 2.6.x Description An issue exists in the streaming API where the library may decompress an entire HTTP response instead of the requested portion. This occurs in two scenarios: during the second...

Security Bulletin:urllib3 Unbounded Decompression Chain Enables Denial of Service

Summary urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massiv...

SUSE-SU-2026:1412-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: Security issues: - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866. - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API...

Security update for python-urllib3

This update for python-urllib3 fixes the following issue: CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

MiracleLinux 8 : fence-agents-4.2.1-129.el8_10.24 (AXBA:2026-269:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-269:05 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression...

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

RHEL 8 : python-urllib3 (RHSA-2026:2717)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2717 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

python-urllib3 security update

An update is available for python-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

python3.12-urllib3 security update

An update is available for python3.12-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

RLSA-2026:1088 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RLSA-2026:1254 Important: python-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RockyLinux 8 : python3.12-urllib3 (RLSA-2026:1226)

The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1226 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

RHEL 9 : python3.12-urllib3 (RHSA-2026:1957)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:1957 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Important: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: python-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:1088 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:1224 Important: python3.11-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...