urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

UBUNTU-CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-2144)

According to the versions of the python-pip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with...

EulerOS Virtualization 2.10.0 : python-pip (EulerOS-SA-2026-2061)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in...

EulerOS Virtualization 2.12.1 : python-pip (EulerOS-SA-2026-2086)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in...

Security Bulletin: Location Service for ESRI Component uses urllib3-2.6.3 library which was vulnerable to CVE-2026-44431 and CVE-2026-44432

Summary Location Service for ESRI Component uses urllib3-2.6.3 library which was vulnerable to CVE-2026-44431 and CVE-2026-44432. Vulnerability Details CVEID:CVE-2026-44431 DESCRIPTION: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from t...

CVE-2026-44432

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

Linux Distros Unpatched Vulnerability : CVE-2026-44432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during...

0lever-utils (>=0.0.2 <=0.0.7), 0xdegenmo-lighter-mcp (=0.1.1) +16104 more potentially affected by CVE-2026-44431 via urllib3 (>=1.23.0 <=2.6.3)

urllib3 PYPI version =1.23.0, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 and more Source cves: CVE-2026-44431 Source advisory: OSV:PYSEC-2026-141...

360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +308 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)

urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.5.0, =1.0.5, =26.1.0, =26.5.0b1, =0.7.0, =0.45.0, =0.2.6, =0.8.0 - auditize =0.10.0 - authutils =7.2.0 and more Source cves: CVE-2026-44432 Source advisory: OSV:PYSEC-2026-142...

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

Decompression Bomb

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Decompression Bomb either in HTTPResponse.read when Brotli is in use, or when HTTPResponse.drainconn is called after partial decompression has begun. An...

360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +308 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)

urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.5.0, =1.0.5, =26.1.0, =26.5.0b1, =0.7.0, =0.45.0, =0.2.6, =0.8.0 - auditize =0.10.0 - authutils =7.2.0 and more Source cves: CVE-2026-44432 Source advisory: SNYK:PYTHON-URLLIB3-16642059...

0lever-utils (>=0.0.2 <=0.0.7), 0xdegenmo-lighter-mcp (=0.1.1) +16104 more potentially affected by CVE-2026-44431 via urllib3 (>=1.23.0 <=2.6.3)

urllib3 PYPI version =1.23.0, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 and more Source cves: CVE-2026-44431 Source advisory: OSV:GHSA-QCCP-GFCP-XXVC...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-urllib3 (UTSA-2026-017489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017489 advisory. An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression...

Security Bulletin: Vulnerability in urllib3 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in urllib3 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

TencentOS Server 2: python-urllib3 (TSSA-2026:0250)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0250 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for January 2026

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 IF001 Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5...