Vulnerability in Urllib3

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib…

EPSS: 0.000 (9.6th percentile) — read the EPSS interpretation.

Affected products

Urllib3 — versions >= 1.22, < 2.6.3

Weakness classification (CWE)

CWE-409 — Improper Handling of Highly Compressed Data (Data Amplification)

References

https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99 (x_refsource_CONFIRM)
https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b (x_refsource_MISC)