Ctrl + K
/ news / CVE
CVEPublished 2026-05-13Modified 2026-05-140 articles on news6 live referencesNVD data

CVE-2026-44432Python · Urllib3

Vulnerability data via NVD (ingested)

CVSS v3.1
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS percentile
Weaknesses (CWE)
CWE-409Improper Handling of Highly Compressed Data (Data Amplification)
Description

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.

Timeline
Published 2026-05-13
Modified 2026-05-14

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-44432
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Python Urllib3"
All exposed Python Urllib3 instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Urllib3"
HTTP body or banner mentions "Urllib3" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-44432
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-44432
Censys host search filtered to this CVE id.
grep.app
CVE-2026-44432
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-44432
GitHub code search for direct mentions.
Google dork
"CVE-2026-44432" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (3)

CVE-2026-444323 repos
prefect421/mvidarrPython
MVidarr - The Music Video Management System
★ 41·updated 2d ago
jahlives/openssl_encryptPython
Post-quantum hybrid encryption with chained KDF architecture. Supports ML-KEM, Kyber, Argon2, Balloon, RandomX. CLI + GUI included.
★ 2·updated 2d ago
mp3wizard/notebooklm-mcp-cliPython
NotebookLM MCP CLI - Access NotebookLM via Claude with security fixes and FastMCP 1.0 compatibility
★ 1·updated 2w ago
We haven't classified any articles referencing CVE-2026-44432 yet. The external references above still apply.