PatchSiren cyber security CVE debrief
CVE-2026-44431 urllib3 CVE debrief
The urllib3 library, a popular HTTP client for Python, has a vulnerability that allows cross-origin redirects to forward sensitive headers when using the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False). This issue affects versions from 1.23 to before 2.7.0. The vulnerability is fixed in version 2.7.0. Users of affected versions should update to 2.7.0 or apply compensating controls to mitigate the risk.
- Vendor: urllib3
- Product: urllib3
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-13
- Original CVE updated: 2026-06-26
- Advisory published: 2026-05-13
- Advisory updated: 2026-06-26
Who should care
Developers and security teams using the urllib3 library in their Python applications should be aware of this vulnerability. Given the high CVSS score of 8.2, organizations running affected versions of urllib3 should prioritize patching or applying mitigations. If exploited, the vulnerability could lead to unauthorized access or data breaches.
Technical summary
The urllib3 library, used for HTTP requests in Python, has a vulnerability that allows sensitive headers to be forwarded during cross-origin redirects. This occurs when using the low-level API, specifically through ProxyManager.connection_from_url().urlopen(..., assert_same_host=False). The affected versions range from 1.23 up to but not including 2.7.0. The fix is included in version 2.7.0. The CVSS score for this vulnerability is 8.2, classified as HIGH severity.
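As an added example (not code from urllib3 or from this debrief's sources): when redirects are followed by hand through the low-level API with assert_same_host=False, the caller is responsible for the origin check that the high-level API performs. The function below shows that check, resolving a relative Location value and dropping credential-bearing headers whenever the target is a different scheme, host or port; the header set and function names are this example's own, modelled on the headers urllib3's PoolManager removes on cross-host redirects.

```python
from __future__ import annotations

from urllib.parse import urljoin, urlsplit

# Headers that must not follow a cross-origin redirect. Constructed for this
# example; modelled on urllib3's default Retry.remove_headers_on_redirect.
SENSITIVE_HEADERS = frozenset({"authorization", "cookie", "proxy-authorization"})

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> tuple[str, str, int]:
    """Return (scheme, host, port), filling in the scheme's default port so
    that https://a.example.com and https://a.example.com:443 compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    if not host or port is None:
        raise ValueError(f"cannot determine origin of {url!r}")
    return scheme, host, port


def is_same_origin(original_url: str, redirect_url: str) -> bool:
    """True only when scheme, host and effective port all match."""
    return origin_of(original_url) == origin_of(redirect_url)


def headers_for_redirect(
    original_url: str, location: str, headers: dict[str, str]
) -> tuple[str, dict[str, str]]:
    """Resolve a Location header against the request URL and return the
    absolute target together with the headers that are safe to send to it.
    Sensitive headers are kept for same-origin targets and dropped otherwise;
    header-name comparison is case-insensitive, as HTTP requires."""
    target = urljoin(original_url, location)  # handles relative Location values
    if is_same_origin(original_url, target):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return target, kept
```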
Defensive priority
High priority should be given to patching or mitigating this vulnerability due to its high CVSS score and potential impact. Organizations should inventory their systems and applications for usage of affected urllib3 versions and prioritize updates to version 2.7.0 or later.
Recommended defensive actions
- Inventory Python applications and systems for usage of urllib3 versions from 1.23 up to but not including 2.7.0.
- Update urllib3 to version 2.7.0 or later in affected applications.
- Implement compensating controls such as web application firewalls or intrusion detection systems to monitor and block suspicious traffic.
- Monitor for and respond to potential exploitation attempts.
- Review and update security policies and procedures to ensure awareness and mitigation of similar vulnerabilities in the future.
Evidence notes
The CVE-2026-44431 vulnerability is documented in the official CVE record and NVD detail pages. Additional information is provided by the urllib3 security advisory on GitHub and a Debian LTS announce mailing list entry. These sources confirm the vulnerability's existence, its fix in version 2.7.0, and provide context for affected users.
Official resources
- CVE-2026-44431 CVE record (CVE.org)
- CVE-2026-44431 NVD detail (NVD)
- Mitigation, Vendor Advisory (NVD reference; contact address obscured in the source)
This article is AI-assisted and based on the supplied source corpus.