CVE-2026-44431
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
urllib3 is an HTTP client library for Python. In versions from 1.23 up to but not including 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward sensitive request headers to the new origin. This vulnerability is fixed in 2.7.0.
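One way to keep credentials from crossing origins is to follow redirects by hand and drop sensitive headers whenever the origin changes. The sketch below is an added example, not urllib3's code and not part of the advisory. The header list, the `fetch` transport hook and every URL in it are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: the advisory text does not name the headers. These are the ones
# urllib3's Retry.remove_headers_on_redirect strips by default.
SENSITIVE_HEADERS = frozenset({"authorization", "cookie", "proxy-authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def headers_for_redirect(headers, current_url, location):
    """Resolve Location and drop sensitive headers when the origin changes."""
    target = urljoin(current_url, location)
    if origin(target) == origin(current_url):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return target, kept

def follow(fetch, url, headers, max_redirects=5):
    """Follow redirects by hand. `fetch(url, headers)` is a hypothetical
    transport hook returning (status, location) with redirects disabled,
    e.g. a wrapper around a urllib3 request made with redirect=False."""
    for _ in range(max_redirects + 1):
        status, location = fetch(url, headers)
        if status not in REDIRECT_STATUSES or not location:
            return url, status
        url, headers = headers_for_redirect(headers, url, location)
    raise RuntimeError("too many redirects")

def demo():
    """Constructed scenario: an API host redirects to an unrelated origin."""
    seen = []
    routes = {
        "https://api.example.test/v1/start": (302, "/v1/next"),
        "https://api.example.test/v1/next": (307, "https://cdn.example.net/blob"),
        "https://cdn.example.net/blob": (200, None),
    }
    def fetch(url, headers):
        seen.append((url, sorted(headers)))
        return routes[url]
    sent = {"Authorization": "Bearer constructed-token", "Accept": "*/*"}
    final = follow(fetch, "https://api.example.test/v1/start", sent)
    return final, seen
```

In `demo()`, the same-origin hop keeps `Authorization`, and the hop to the second host is sent with `Accept` only.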
| CWE | CWE-200 |
| Vendor | urllib3 |
| Product | urllib3 |
| Published | May 13, 2026 |
| Last Updated | May 13, 2026 |
Affected Versions
urllib3 / urllib3
>= 1.23, < 2.7.0