
Fedora 43: python-urllib3 High Threat HTTP Redirect Issue CVE-2026-21441

January 10, 2026
Critical update for python-urllib3 in Fedora 43 fixes a high-severity issue regarding HTTP redirects. Upgrade recommended.
2.6.3 (2026-01-07) Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed.

Summary

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries:

• Thread safety.
• Connection pooling.
• Client-side SSL/TLS verification.
• File uploads with multipart encoding.
• Helpers for retrying requests and dealing with HTTP redirects.
• Support for gzip, deflate, brotli, and zstd encoding.
• Proxy support for HTTP and SOCKS.
• 100% test coverage.

Update Information:

2.6.3 (2026-01-07)

• Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99, CVE-2026-21441)
• Started treating Retry-After times greater than 6 hours as 6 hours by default.
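Added example (not part of the advisory and not urllib3's own code): a decompression-bomb safeguard of the kind this fix concerns caps how many decoded bytes a compressed body may yield. The standard-library sketch below applies such a cap to a gzip stream; bounded_gunzip, split and the sample payloads are hypothetical names and constructed data.

```python
import gzip
import zlib


class DecompressedSizeExceeded(Exception):
    """Decoded output would exceed the caller's budget."""


def bounded_gunzip(chunks, max_output, step=64 * 1024):
    """Decode an iterable of gzip-encoded byte chunks, refusing to produce
    more than max_output bytes. Hypothetical helper, stdlib only."""
    decoder = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    out = bytearray()

    def check():
        if len(out) > max_output:
            raise DecompressedSizeExceeded(f"over {max_output} bytes decoded")

    for chunk in chunks:
        data = chunk
        while data:
            # max_length bounds what this call may emit (0 would mean
            # "unlimited"), so the loop never holds more than max_output + 1 bytes.
            room = min(step, max_output + 1 - len(out))
            out += decoder.decompress(data, room)
            check()
            # Input zlib did not get to is handed back for the next pass.
            data = decoder.unconsumed_tail
    out += decoder.flush()  # only a small residue can remain here
    check()
    return bytes(out)


# Constructed sample inputs: 8 MiB of zero bytes shrinks to a few KiB on the wire.
CONSTRUCTED_BOMB = gzip.compress(bytes(8 * 1024 * 1024))
CONSTRUCTED_OK = gzip.compress(b"status=ok\n" * 1000)


def split(blob, size=1024):
    """Cut a blob into network-sized pieces, as a streamed body would arrive."""
    return [blob[i:i + size] for i in range(0, len(blob), size)]


if __name__ == "__main__":
    print(len(bounded_gunzip(split(CONSTRUCTED_OK), 1 << 20)), "bytes decoded")
    try:
        bounded_gunzip(split(CONSTRUCTED_BOMB), 1 << 20)
    except DecompressedSizeExceeded as exc:
        print("rejected:", exc)
```

The budget is enforced per decode call rather than after the fact, so an oversized body is rejected before it is fully expanded in memory.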

Change Log

* Wed Jan 7 2026 Benjamin A. Beasley - 2.6.3-1 - Update to 2.6.3 (close RHBZ#2427603)

References


[1] Bug #2427603 - python-urllib3-2.6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2427603

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-724d1b1044' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: python-urllib3
Product: Fedora 43
Version: 2.6.3
Release: 1.fc43
Summary: HTTP library with thread-safe connection pooling, file post, and more
