CVE-2026-44431
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
A vulnerability in the urllib3 library for Python (versions 1.23 to 2.7.0) allows leakage of sensitive HTTP headers during cross-origin redirects. The issue occurs when using the low-level API ProxyManager.connection_from_url().urlopen() with assert_same_host=False.
Risk Assessment
An attacker can intercept sensitive authentication data (e.g., tokens, cookies) sent in headers during redirects to external servers, leading to confidentiality breaches and potential session hijacking.
Recommendation
Immediately update urllib3 to version 2.7.0 or later. In the meantime, avoid using assert_same_host=False in connections with ProxyManager.
Original NVD description (English source)
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

