Medium severity · 5.3 · GHSA Advisory · Published May 13, 2026 · Updated May 14, 2026
CVE-2026-44431
Description
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
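For callers that handle redirects themselves, the check the description implies can be written as below. This is an added example, not urllib3's code and not the 2.7.0 fix. The function names, the sample URLs and the header set are assumptions, since the advisory text on this page does not list the headers.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: the advisory text on this page does not name the headers,
# so this set is illustrative and should be adjusted by the caller.
SENSITIVE_HEADERS = frozenset({"authorization", "cookie", "proxy-authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(request_url, location, headers, sensitive=SENSITIVE_HEADERS):
    """Resolve a Location value and pick the headers safe to send to it.

    Returns (target_url, headers). Same-origin redirects keep every header;
    cross-origin redirects lose the ones named in `sensitive`.
    """
    target = urljoin(request_url, location)  # handles relative Location values
    if origin(target) == origin(request_url):
        return target, dict(headers)
    # Header names are case-insensitive, so compare in lower case.
    kept = {k: v for k, v in headers.items() if k.lower() not in sensitive}
    return target, kept


# Constructed sample input, not taken from the advisory.
SAMPLE_HEADERS = {"Authorization": "Bearer example-token", "Accept": "application/json"}

if __name__ == "__main__":
    base = "https://api.example.test/v1"
    for loc in ("/v2/items", "https://api.example.test:443/v2", "https://other.example.test/"):
        print(headers_for_redirect(base, loc, SAMPLE_HEADERS))
```

A scheme change on the same host (for example `https` to `http`) also counts as cross-origin here, so the listed headers are dropped on a downgrade as well.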
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| urllib3 (PyPI) | >= 1.23, < 2.7.0 | 2.7.0 |
Affected products
References
- github.com/advisories/GHSA-qccp-gfcp-xxvc (ghsa; ADVISORY)
- github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc (nvd; Mitigation, Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-44431 (ghsa; ADVISORY)