Packages
- python-urllib3 - HTTP library with thread-safe connection pooling
Details
It was discovered that urllib3 incorrectly handled cross-origin redirects
in ProxyManager. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-44431)
It was discovered that urllib3 incorrectly handled decompression of
specially crafted responses. A remote attacker could possibly use this
issue to cause urllib3 to consume resources, leading to a denial of
service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-44432)
It was discovered that urllib3 incorrectly handled cross-origin redirects
in ProxyManager. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-44431)
It was discovered that urllib3 incorrectly handled decompression of
specially crafted responses. A remote attacker could possibly use this
issue to cause urllib3 to consume resources, leading to a denial of
service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-44432)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | python3-urllib3 – 2.6.3-1ubuntu1.1 | ||
| 25.10 questing | python3-urllib3 – 2.3.0-3ubuntu0.6 | ||
| 24.04 LTS noble | python3-urllib3 – 2.0.7-1ubuntu0.7 | ||
| 22.04 LTS jammy | python3-urllib3 – 1.26.5-1~exp1ubuntu0.7 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.