Python urllib3 Update Fixes Security Issues with Decompression
SUSE-SU-2026:1412-1
Summary
This update for Python urllib3 fixes security issues that could cause a program to consume excessive resources and potentially lead to a denial of service. If you use Python urllib3, update it to the latest version to prevent resource exhaustion.
What to do
- Update python-urllib3 to version 1.25.10-3.48.4.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Public Cloud 12 | – | python-urllib3 | < 1.25.10-3.48.4 (fix: upgrade to 1.25.10-3.48.4) |
| SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 | – | python-urllib3 | < 1.25.10-3.48.4 (fix: upgrade to 1.25.10-3.48.4) |
Original title
Security update for python-urllib3
Original description
This update for python-urllib3 fixes the following issues:
Security issues:
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
Non-security issue:
- disabled response decompression with brotli due to missing brotli feature (jsc#PED-15380)
- https://www.suse.com/support/update/announcement/2026/suse-su-20261412-1/ Vendor Advisory
- https://bugzilla.suse.com/1254866 Third Party Advisory
- https://bugzilla.suse.com/1254867 Third Party Advisory
- https://bugzilla.suse.com/1256331 Third Party Advisory
- https://bugzilla.suse.com/1259829 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-66418 URL
- https://www.suse.com/security/cve/CVE-2025-66471 URL
- https://www.suse.com/security/cve/CVE-2026-21441 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026