exposure-of-sensitive-information-to-an-unauthorized-actor
CVE-2026-44431
urllib3
CVSS Details
CVSS Score
5.3 MEDIUM
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward sensitive headers. This vulnerability is fixed in 2.7.0.
Disclosure Date
Public Disclosure
May 13, 2026