VYPR
Get started
← All advisories
High severityOSV Advisory· Published Jan 7, 2026· Updated Jan 23, 2026

urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

CVE-2026-21441

Description

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting preload_content=False when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when preload_content=False. If upgrading is not immediately possible, disable redirects by setting redirect=False for requests to untrusted source.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
urllib3PyPI
>= 1.22, < 2.6.32.6.3

Affected products

1

Patches

1
8864ac407bba

Merge commit from fork

https://github.com/urllib3/urllib3Illia VolochiiJan 7, 2026via ghsa
commit
4 files changed · +44 2
  • CHANGES.rst+13 0 modified
    @@ -1,3 +1,16 @@
+2.6.3 (TBD)
+==================
+
+Bugfixes
+--------
+
+- Fixed a high-severity security issue where decompression-bomb safeguards of
+  the streaming API were bypassed when HTTP redirects were followed.
+  (`GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>`__)
+
+TODO: add other entries.
+
+
 2.6.2 (2025-12-11)
 ==================
  • dummyserver/app.py+7 1 modified
    @@ -233,10 +233,16 @@ async def redirect() -> ResponseReturnValue:
     values = await request.values
     target = values.get("target", "/")
     status = values.get("status", "303 See Other")
+    compressed = values.get("compressed") == "true"
     status_code = status.split(" ")[0]
 
     headers = [("Location", target)]
-    return await make_response("", status_code, headers)
+    if compressed:
+        headers.append(("Content-Encoding", "gzip"))
+        data = gzip.compress(b"foo")
+    else:
+        data = b""
+    return await make_response(data, status_code, headers)
 
 
 @hypercorn_app.route("/redirect_after")
  • src/urllib3/response.py+5 1 modified
    @@ -797,7 +797,11 @@ def drain_conn(self) -> None:
         Unread data in the HTTPResponse connection blocks the connection from being released back to the pool.
         """
         try:
-            self.read()
+            self.read(
+                # Do not spend resources decoding the content unless
+                # decoding has already been initiated.
+                decode_content=self._has_decoded_content,
+            )
         except (HTTPError, OSError, BaseSSLError, HTTPException):
             pass
  • test/with_dummyserver/test_connectionpool.py+19 0 modified
    @@ -508,6 +508,25 @@ def test_redirect(self) -> None:
             assert r.status == 200
             assert r.data == b"Dummy server!"
 
+    @mock.patch("urllib3.response.GzipDecoder.decompress")
+    def test_no_decoding_with_redirect_when_preload_disabled(
+        self, gzip_decompress: mock.MagicMock
+    ) -> None:
+        """
+        Test that urllib3 does not attempt to decode a gzipped redirect
+        response when `preload_content` is set to `False`.
+        """
+        with HTTPConnectionPool(self.host, self.port) as pool:
+            # Three requests are expected: two redirects and one final / 200 OK.
+            response = pool.request(
+                "GET",
+                "/redirect",
+                fields={"target": "/redirect?compressed=true", "compressed": "true"},
+                preload_content=False,
+            )
+        assert response.status == 200
+        gzip_decompress.assert_not_called()
+
     def test_303_redirect_makes_request_lose_body(self) -> None:
         with HTTPConnectionPool(self.host, self.port) as pool:
             response = pool.request(

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.