HIGH
urllib3
CVE published 2026-05-13
CVE-2026-44431
The urllib3 library, a popular HTTP client for Python, has a vulnerability that allows cross-origin redirects to forward sensitive headers when using the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False). This issue affects versions from 1.23 to before 2.7.0. The vulnerability is fixed in version 2.7.0. Users of affected versions should update to 2.7.0 or apply comp [truncated]
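An added example, not code from urllib3 or from the advisory: it checks whether a version string falls in the affected range stated above (1.23 up to, but not including, 2.7.0) and shows how a caller that follows redirects itself can drop credentials when the origin changes. The function names and the set of headers treated as sensitive are assumptions made for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

AFFECTED_FROM = (1, 23, 0)  # first affected version, per the advisory
FIXED_IN = (2, 7, 0)        # first fixed version, per the advisory

# Assumption: headers that must not cross an origin boundary.
SENSITIVE = frozenset({"authorization", "cookie", "proxy-authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_version(text):
    """Return (major, minor, patch); pre-release suffixes are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version_text):
    """True when the version lies in the affected range [1.23, 2.7.0)."""
    return AFFECTED_FROM <= parse_version(version_text) < FIXED_IN


def origin(url):
    """Scheme, lower-cased host and effective port identify an origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def headers_for_redirect(current_url, location, headers):
    """Resolve a Location value and return (next_url, headers to send).

    Sensitive headers are kept only when the redirect stays on the same
    origin; a change of scheme, host or port drops them.
    """
    next_url = urljoin(current_url, location)
    if origin(next_url) == origin(current_url):
        return next_url, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
    return next_url, kept
```

With urllib3, this pairs with calling `urlopen(..., redirect=False)` and passing each `Location` value through `headers_for_redirect` before issuing the next request.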