Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Python urllib3 Library May Allow Malicious Data Injection
RHSA-2026:2718
Summary
The urllib3 library, used by many Python applications, has a security issue that could allow an attacker to inject malicious data into a Python program. This could potentially lead to data corruption or other security issues. Update your Python applications that use urllib3 to the latest version to ensure you have the fix.
What to do
- Update redhat python-urllib3 to version 0:1.24.2-5.el8_8.3.
- Update redhat python3-urllib3 to version 0:1.24.2-5.el8_8.3.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | python-urllib3 | <= 0:1.24.2-5.el8_8.3 | 0:1.24.2-5.el8_8.3 |
| redhat | python3-urllib3 | <= 0:1.24.2-5.el8_8.3 | 0:1.24.2-5.el8_8.3 |
| redhat | python-urllib3 | <= 0:1.24.2-5.el8_8.3 | 0:1.24.2-5.el8_8.3 |
| redhat | python3-urllib3 | <= 0:1.24.2-5.el8_8.3 | 0:1.24.2-5.el8_8.3 |
Original title
Red Hat Security Advisory: python-urllib3 security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:2718 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2419455 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2419467 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2427726 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2718.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-66418 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-66418 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-66418 Vendor Advisory
- https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222... Third Party Advisory
- https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-66471 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-66471 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-66471 Vendor Advisory
- https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716e... Third Party Advisory
- https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-21441 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-21441 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-21441 Vendor Advisory
- https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc... Third Party Advisory
- https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99 Third Party Advisory
Published: 17 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026