urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

Summary

CVECVE-2026-21441
StatePUBLISHED
AssignerGitHub_M
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-01-07 22:15:44 UTC
Updated2026-07-03 13:16:59 UTC
Descriptionurllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.

Risk And Classification

Primary CVSS: v4.0 8.9 HIGH from [email protected]

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS: 0.026670000 probability, percentile 0.838950000 (date 2026-07-02)

Problem Types: CWE-409 | CWE-409 CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) | CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)


VersionSourceTypeScoreSeverityVector
4.0[email protected]Secondary8.9HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/C...
4.0CNADECLARED8.9HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
3.1[email protected]Primary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1ADPCVSS7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.10b0ca135-0b70-47e7-9f44-1890c2a1c46cSecondary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0 Breakdown

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Sub Conf.
None
Sub Integrity
None
Sub Availability
High

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS v3.1 Breakdown

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Python Urllib3 All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Urllib3 Urllib3 affected >= 1.22, < 2.6.3 Not specified
ADP Red Hat Red Hat Enterprise Linux Server HighAvailability V. 7 ELS Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux Server ResilientStorage V. 7 ELS Not specified Not specified
ADP Red Hat Red Hat OpenStack Platform 17.1 Not specified Not specified
ADP Red Hat RHUI 4 For RHEL 8 Not specified Not specified
ADP Red Hat Red Hat Satellite 6.16 For RHEL 8 Not specified Not specified
ADP Red Hat Red Hat Satellite 6.16 For RHEL 9 Not specified Not specified
ADP Red Hat Red Hat Satellite 6.17 For RHEL 9 Not specified Not specified
ADP Red Hat Red Hat Satellite 6.18 For RHEL 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream V. 8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream AUS V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream AUS V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream TUS V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream TUS V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.9.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.9.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V.9.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V.9.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream V. 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS EUS V. 10.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS V. 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS V. 8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS AUS V. 8.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS AUS V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS AUS V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS E4S V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS TUS V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS E4S V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS TUS V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS E4S V.9.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS E4S V.9.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS EUS V.9.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS EUS V.9.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS V. 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux HighAvailability V. 8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability AUS V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux HighAvailability EUS EXTENSION V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability E4S V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability TUS V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability E4S V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability TUS V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability E4S V.9.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability E4S V.9.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux High Availability EUS V.9.4 Not specified Not specified
ADP Red Hat Multicluster Global Hub 1.4.5 Not specified Not specified
ADP Red Hat Multicluster Global Hub 1.5.4 Not specified Not specified
ADP Red Hat Network Observability NETOBSERV 1.11.2 Not specified Not specified
ADP Red Hat OpenShift API For Data Protection 1.3 Not specified Not specified
ADP Red Hat Red Hat AI Inference Server 3.2 Not specified Not specified
ADP Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.14 Not specified Not specified
ADP Red Hat Red Hat Advanced Cluster Management For Kubernetes 2.15 Not specified Not specified
ADP Red Hat Red Hat Advanced Cluster Security For Kubernetes 4.8 Not specified Not specified
ADP Red Hat Red Hat Advanced Cluster Security For Kubernetes 4.9 Not specified Not specified
ADP Red Hat Red Hat Ansible Automation Platform 2.4 Not specified Not specified
ADP Red Hat Red Hat Ansible Automation Platform 2.5 Not specified Not specified
ADP Red Hat Red Hat Ansible Automation Platform 2.6 Not specified Not specified
ADP Red Hat Red Hat Ceph Storage 7.1 Not specified Not specified
ADP Red Hat Red Hat Ceph Storage 8 Not specified Not specified
ADP Red Hat Red Hat Ceph Storage 9 Not specified Not specified
ADP Red Hat Red Hat Discovery 2 Not specified Not specified
ADP Red Hat Red Hat OpenShift AI 2.25 Not specified Not specified
ADP Red Hat Red Hat OpenShift AI 3.3 Not specified Not specified
ADP Red Hat Red Hat OpenShift Dev Spaces RHOSDS 3.26 Not specified Not specified
ADP Red Hat Red Hat OpenShift GitOps 1.17 Not specified Not specified
ADP Red Hat Red Hat OpenShift GitOps 1.18 Not specified Not specified
ADP Red Hat Red Hat OpenShift GitOps 1.19 Not specified Not specified
ADP Red Hat Red Hat Quay 3.10 Not specified Not specified
ADP Red Hat Red Hat Quay 3.12 Not specified Not specified
ADP Red Hat Red Hat Quay 3.13 Not specified Not specified
ADP Red Hat Red Hat Quay 3.14 Not specified Not specified
ADP Red Hat Red Hat Quay 3.15 Not specified Not specified
ADP Red Hat Red Hat Quay 3.16 Not specified Not specified
ADP Red Hat Red Hat Satellite 6.18 Not specified Not specified
ADP Red Hat Red Hat Trusted Artifact Signer 1.2 Not specified Not specified
ADP Red Hat Red Hat Trusted Artifact Signer 1.3 Not specified Not specified
ADP Red Hat Red Hat Update Infrastructure 5 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux ResilientStorage V. 8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux ResilientStorage E4S V.9.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux Resilient Storage E4S V.9.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux Resilient Storage EUS V.9.4 Not specified Not specified
ADP Red Hat Zero Trust Workload Identity Manager 1 Not specified Not specified
ADP Red Hat Cert-manager Operator For Red Hat OpenShift 1.18 Not specified Not specified
ADP Red Hat Mirror Registry For Red Hat OpenShift 2.0 Not specified Not specified
ADP Red Hat External Secrets Operator For Red Hat OpenShift Not specified Not specified
ADP Red Hat Logging Subsystem For Red Hat OpenShift Not specified Not specified
ADP Red Hat Migration Toolkit For Containers Not specified Not specified
ADP Red Hat Migration Toolkit For Virtualization Not specified Not specified
ADP Red Hat Multiarch Tuning Operator Not specified Not specified
ADP Red Hat Multicluster Engine For Kubernetes Not specified Not specified
ADP Red Hat OpenShift Developer Tools And Services Not specified Not specified
ADP Red Hat OpenShift Lightspeed Not specified Not specified
ADP Red Hat OpenShift Pipelines Not specified Not specified
ADP Red Hat OpenShift Serverless Not specified Not specified
ADP Red Hat Red Hat AI Inference Server Not specified Not specified
ADP Red Hat Red Hat Ansible Automation Platform 2 Not specified Not specified
ADP Red Hat Red Hat Ansible Automation Platform Ansible Core 2 Not specified Not specified
ADP Red Hat Red Hat Certification Program For Red Hat Enterprise Linux 9 Not specified Not specified
ADP Red Hat Red Hat Connectivity Link 1 Not specified Not specified
ADP Red Hat Red Hat Developer Hub Not specified Not specified
ADP Red Hat Red Hat Edge Manager Preview Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AI RHEL AI 3 Not specified Not specified
ADP Red Hat Red Hat Offline Knowledge Portal Not specified Not specified
ADP Red Hat Red Hat OpenShift AI RHOAI Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4 Not specified Not specified
ADP Red Hat Red Hat Openshift Data Foundation 4 Not specified Not specified
ADP Red Hat Red Hat OpenShift Dev Spaces Not specified Not specified
ADP Red Hat Red Hat Satellite 6 Not specified Not specified
ADP Red Hat Zero Trust Workload Identity Manager - Tech Preview Not specified Not specified
ADP Red Hat Assisted Installer For Red Hat OpenShift Container Platform 2 Not specified Not specified
ADP Red Hat Confidential Compute Attestation Not specified Not specified
ADP Red Hat Dynamic Accelerator Slicer Operator For Red Hat OpenShift Not specified Not specified
ADP Red Hat External Secrets Operator For Red Hat OpenShift - Tech Preview Not specified Not specified
ADP Red Hat Fence Agents Remediation Operator Not specified Not specified
ADP Red Hat Node HealthCheck Operator Not specified Not specified
ADP Red Hat OpenShift API For Data Protection Not specified Not specified
ADP Red Hat OpenShift Service Mesh 2 Not specified Not specified
ADP Red Hat OpenShift Service Mesh 3 Not specified Not specified
ADP Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Not specified Not specified
ADP Red Hat Red Hat Build Of Quarkus Native Builder Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 7 Not specified Not specified
ADP Red Hat Red Hat OpenShift GitOps Not specified Not specified
ADP Red Hat Red Hat OpenShift Update Service Not specified Not specified
ADP Red Hat Red Hat OpenStack Platform 13 Queens Not specified Not specified
ADP Red Hat Red Hat OpenStack Platform 16.2 Not specified Not specified
ADP Red Hat Red Hat OpenStack Platform 18.0 Not specified Not specified
ADP Red Hat Red Hat Quay 3 Not specified Not specified
ADP Red Hat Self Node Remediation Operator Not specified Not specified
ADP Red Hat Service Telemetry Framework 1.5 Not specified Not specified

References

ReferenceSourceLinkTags
security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21441.json 0b0ca135-0b70-47e7-9f44-1890c2a1c46c security.access.redhat.com
access.redhat.com/errata/RHSA-2026:1241 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/security/cve/CVE-2026-21441 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3960 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3406 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:4271 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1176 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:4215 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3462 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2106 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1504 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1693 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17457 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17463 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3296 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2681 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:33154 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1596 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:6292 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1609 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1712 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2764 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2760 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2762 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1726 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1485 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:8501 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17461 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1042 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3782 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1254 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1086 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1088 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:25127 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:5459 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:10184 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1676 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1674 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:4466 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1735 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2717 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:6287 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1618 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2723 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1793 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1791 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2924 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2926 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2563 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1619 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2728 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:14877 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2718 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1736 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1734 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1730 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:4467 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1704 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1706 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2695 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2919 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2911 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1957 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2925 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1794 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1792 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17460 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1546 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2500 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2144 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1041 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3869 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3444 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2126 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1168 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1166 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:8500 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1239 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:0990 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3713 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1087 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1089 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
lists.debian.org/debian-lts-announce/2026/01/msg00017.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org
access.redhat.com/errata/RHSA-2026:2456 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2900 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1942 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1803 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1805 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:8151 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b [email protected] github.com Patch
access.redhat.com/errata/RHSA-2026:28043 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1729 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2765 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1652 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1717 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:19712 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1599 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99 [email protected] github.com Vendor Advisory
bugzilla.redhat.com/show_bug.cgi 0b0ca135-0b70-47e7-9f44-1890c2a1c46c bugzilla.redhat.com
access.redhat.com/errata/RHSA-2026:1240 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1226 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1224 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:0981 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2256 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3884 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:28441 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1038 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3874 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:4185 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17462 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2139 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2137 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3461 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17456 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Additional Advisory Data

SourceTimeEvent
ADP2026-01-07T23:01:59.422ZReported to Red Hat.
ADP2026-01-07T22:09:01.936ZMade public.

Solutions

ADP: RHSA-2026:2911: Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS), Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)

ADP: RHSA-2026:28043: Red Hat OpenStack Platform 17.1

ADP: RHSA-2026:1485: RHUI 4 for RHEL 8

ADP: RHSA-2026:2765: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9

ADP: RHSA-2026:2764: Red Hat Satellite 6.17 for RHEL 9

ADP: RHSA-2026:2760: Red Hat Satellite 6.18 for RHEL 9

ADP: RHSA-2026:1240: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux HighAvailability (v. 8), Red Hat Enterprise Linux ResilientStorage (v. 8)

ADP: RHSA-2026:1224: Red Hat Enterprise Linux AppStream (v. 8)

ADP: RHSA-2026:1226: Red Hat Enterprise Linux AppStream (v. 8)

ADP: RHSA-2026:1803: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux High Availability AUS (v.8.4), Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)

ADP: RHSA-2026:1792: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux High Availability E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6)

ADP: RHSA-2026:1791: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux High Availability E4S (v.8.8), Red Hat Enterprise Linux High Availability TUS (v.8.8)

ADP: RHSA-2026:1676: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)

ADP: RHSA-2026:1734: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux High Availability E4S (v.9.0), Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)

ADP: RHSA-2026:1735: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux High Availability E4S (v.9.2), Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)

ADP: RHSA-2026:1546: Red Hat Enterprise Linux AppStream E4S (v.9.2)

ADP: RHSA-2026:1717: Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux High Availability EUS (v.9.4), Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)

ADP: RHSA-2026:1712: Red Hat Enterprise Linux AppStream EUS (v.9.4)

ADP: RHSA-2026:1957: Red Hat Enterprise Linux AppStream EUS (v.9.4)

ADP: RHSA-2026:1706: Red Hat Enterprise Linux AppStream EUS (v.9.6)

ADP: RHSA-2026:1704: Red Hat Enterprise Linux AppStream EUS (v.9.6)

ADP: RHSA-2026:1619: Red Hat Enterprise Linux AppStream EUS (v.9.6)

ADP: RHSA-2026:1239: Red Hat Enterprise Linux AppStream (v. 9)

ADP: RHSA-2026:1089: Red Hat Enterprise Linux AppStream (v. 9)

ADP: RHSA-2026:1088: Red Hat Enterprise Linux AppStream (v. 9)

ADP: RHSA-2026:1726: Red Hat Enterprise Linux BaseOS EUS (v. 10.0)

ADP: RHSA-2026:1086: Red Hat Enterprise Linux BaseOS (v. 10)

ADP: RHSA-2026:1254: Red Hat Enterprise Linux BaseOS (v. 8)

ADP: RHSA-2026:2728: Red Hat Enterprise Linux BaseOS AUS (v. 8.2)

ADP: RHSA-2026:2723: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)

ADP: RHSA-2026:2717: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)

ADP: RHSA-2026:2718: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)

ADP: RHSA-2026:1618: Red Hat Enterprise Linux BaseOS E4S (v.9.0)

ADP: RHSA-2026:1693: Red Hat Enterprise Linux BaseOS E4S (v.9.2)

ADP: RHSA-2026:1674: Red Hat Enterprise Linux BaseOS EUS (v.9.4)

ADP: RHSA-2026:1729: Red Hat Enterprise Linux BaseOS EUS (v.9.6)

ADP: RHSA-2026:1087: Red Hat Enterprise Linux BaseOS (v. 9)

ADP: RHSA-2026:1241: Red Hat Enterprise Linux HighAvailability (v. 8), Red Hat Enterprise Linux ResilientStorage (v. 8)

ADP: RHSA-2026:1805: Red Hat Enterprise Linux High Availability AUS (v.8.4), Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)

ADP: RHSA-2026:1793: Red Hat Enterprise Linux High Availability E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6)

ADP: RHSA-2026:1794: Red Hat Enterprise Linux High Availability E4S (v.8.8), Red Hat Enterprise Linux High Availability TUS (v.8.8)

ADP: RHSA-2026:2500: Multicluster Global Hub 1.4.5

ADP: RHSA-2026:2256: Multicluster Global Hub 1.5.4

ADP: RHSA-2026:2900: Network Observability (NETOBSERV) 1.11.2

ADP: RHSA-2026:3444: OpenShift API for Data Protection 1.3

ADP: RHSA-2026:3461: Red Hat AI Inference Server 3.2

ADP: RHSA-2026:3462: Red Hat AI Inference Server 3.2

ADP: RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14

ADP: RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15

ADP: RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8

ADP: RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9

ADP: RHSA-2026:1599: Red Hat Ansible Automation Platform 2.4

ADP: RHSA-2026:1609: Red Hat Ansible Automation Platform 2.5

ADP: RHSA-2026:1596: Red Hat Ansible Automation Platform 2.6

ADP: RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6

ADP: RHSA-2026:33154: Red Hat Ceph Storage 7.1

ADP: RHSA-2026:1652: Red Hat Ceph Storage 8

ADP: RHSA-2026:3406: Red Hat Ceph Storage 9

ADP: RHSA-2026:1736: Red Hat Discovery 2

ADP: RHSA-2026:10184: Red Hat OpenShift AI 2.25

ADP: RHSA-2026:3782: Red Hat OpenShift AI 2.25

ADP: RHSA-2026:2695: Red Hat OpenShift AI 2.25

ADP: RHSA-2026:2106: Red Hat OpenShift AI 2.25

ADP: RHSA-2026:19712: Red Hat OpenShift AI 3.3

ADP: RHSA-2026:3713: Red Hat OpenShift AI 3.3

ADP: RHSA-2026:2456: Red Hat OpenShift Dev Spaces (RHOSDS) 3.26

ADP: RHSA-2026:3869: Red Hat OpenShift GitOps 1.17

ADP: RHSA-2026:3874: Red Hat OpenShift GitOps 1.18

ADP: RHSA-2026:3884: Red Hat OpenShift GitOps 1.19

ADP: RHSA-2026:2762: Red Hat Quay 3.10

ADP: RHSA-2026:1730: Red Hat Quay 3.12

ADP: RHSA-2026:4185: Red Hat Quay 3.13

ADP: RHSA-2026:4215: Red Hat Quay 3.14

ADP: RHSA-2026:1942: Red Hat Quay 3.15

ADP: RHSA-2026:2681: Red Hat Quay 3.16

ADP: RHSA-2026:1504: Red Hat Satellite 6.18

ADP: RHSA-2026:6287: Red Hat Satellite 6.18

ADP: RHSA-2026:8500: Red Hat Satellite 6.18

ADP: RHSA-2026:6292: Red Hat Satellite 6.18

ADP: RHSA-2026:14877: Red Hat Satellite 6.18

ADP: RHSA-2026:8501: Red Hat Satellite 6.18

ADP: RHSA-2026:2924: Red Hat Trusted Artifact Signer 1.2

ADP: RHSA-2026:2926: Red Hat Trusted Artifact Signer 1.2

ADP: RHSA-2026:2925: Red Hat Trusted Artifact Signer 1.2

ADP: RHSA-2026:2919: Red Hat Trusted Artifact Signer 1.2

ADP: RHSA-2026:2137: Red Hat Trusted Artifact Signer 1.3

ADP: RHSA-2026:4271: Red Hat Trusted Artifact Signer 1.3

ADP: RHSA-2026:3296: Red Hat Trusted Artifact Signer 1.3

ADP: RHSA-2026:2144: Red Hat Trusted Artifact Signer 1.3

ADP: RHSA-2026:2139: Red Hat Trusted Artifact Signer 1.3

ADP: RHSA-2026:2126: Red Hat Trusted Artifact Signer 1.3

ADP: RHSA-2026:5459: Red Hat Trusted Artifact Signer 1.3

ADP: RHSA-2026:2563: Red Hat Update Infrastructure 5

ADP: RHSA-2026:17456: Zero Trust Workload Identity Manager 1

ADP: RHSA-2026:17457: Zero Trust Workload Identity Manager 1

ADP: RHSA-2026:17460: Zero Trust Workload Identity Manager 1

ADP: RHSA-2026:17461: Zero Trust Workload Identity Manager 1

ADP: RHSA-2026:17462: Zero Trust Workload Identity Manager 1

ADP: RHSA-2026:17463: Zero Trust Workload Identity Manager 1

ADP: RHSA-2026:1038: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:1166: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:0981: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:1176: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:1041: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:1168: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:0990: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:1042: cert-manager operator for Red Hat OpenShift 1.18

ADP: RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report