Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu: urllib3 Important Denial of Service CVE-2026-21441

ubuntu
Calendar Grey January 12, 2026
Dist Ubuntu Esm H88
Update your Ubuntu system to fix the urllib3 resource exhaustion issue causing potential DoS attacks.
urllib3 could be made to use excessive resources if it received specially crafted network traffic.

Summary

urllib3 could be made to use excessive resources if it received specially

crafted network traffic.

Software Description:

- python-urllib3: HTTP library with thread-safe connection pooling

Details:

It was discovered that urllib3 incorrectly handled decompression during

HTTP redirects. An attacker could possibly use this issue to cause urllib3

to use excessive resources, causing a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-urllib3                 2.3.0-3ubuntu0.2

Ubuntu 25.04
  python3-urllib3                 2.3.0-2ubuntu0.3

Ubuntu 24.04 LTS
  python3-urllib3                 2.0.7-1ubuntu0.4

Ubuntu 22.04 LTS
  python3-urllib3                 1.26.5-1~exp1ubuntu0.5

Ubuntu 20.04 LTS
  python3-urllib3                 1.25.8-2ubuntu0.4+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7955-1

CVE-2026-21441

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7955-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here