Intel

AIKIDO-2026-10160

urllib3-future is vulnerable to Decompression-bomb

Decompression-bombCVE-2026-21441 Published Feb 12, 2026

89

High Risk

This Affects:

PYTHONurllib3-future
1.2.0 - 2.15.901
Fixed in 2.15.902
Are you affected? Scan for Free

TL;DR

Affected versions of this package may decompress entire HTTP redirect response bodies even when using the streaming API with preload_content=False, ignoring read limits. It can lead to excessive CPU and memory usage. An attacker can exploit this by hosting a redirect response containing a compressed decompression bomb, causing the client to automatically decompress massive data before any reads occur, resulting in denial of service.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

urllib3-future is vulnerable to Decompression-bomb in versions 1.2.0 - 2.15.901.

How to fix this

Upgrade the urllib3-future library to the patch version or disable redirects for requests to untrusted sources by setting redirect=False.

Links

Other

lists.debian.org/debian-lts-announce/2026/01/msg00017.html
https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html
access.redhat.com/errata/RHSA-2026:0981
https://access.redhat.com/errata/RHSA-2026:0981
access.redhat.com/errata/RHSA-2026:0990
https://access.redhat.com/errata/RHSA-2026:0990
access.redhat.com/errata/RHSA-2026:10184
https://access.redhat.com/errata/RHSA-2026:10184
access.redhat.com/errata/RHSA-2026:1038
https://access.redhat.com/errata/RHSA-2026:1038
access.redhat.com/errata/RHSA-2026:1041
https://access.redhat.com/errata/RHSA-2026:1041
access.redhat.com/errata/RHSA-2026:1042
https://access.redhat.com/errata/RHSA-2026:1042
access.redhat.com/errata/RHSA-2026:1086
https://access.redhat.com/errata/RHSA-2026:1086
access.redhat.com/errata/RHSA-2026:1087
https://access.redhat.com/errata/RHSA-2026:1087
access.redhat.com/errata/RHSA-2026:1088
https://access.redhat.com/errata/RHSA-2026:1088
access.redhat.com/errata/RHSA-2026:1089
https://access.redhat.com/errata/RHSA-2026:1089
access.redhat.com/errata/RHSA-2026:1166
https://access.redhat.com/errata/RHSA-2026:1166
access.redhat.com/errata/RHSA-2026:1168
https://access.redhat.com/errata/RHSA-2026:1168
access.redhat.com/errata/RHSA-2026:1176
https://access.redhat.com/errata/RHSA-2026:1176
access.redhat.com/errata/RHSA-2026:1224
https://access.redhat.com/errata/RHSA-2026:1224
access.redhat.com/errata/RHSA-2026:1226
https://access.redhat.com/errata/RHSA-2026:1226
access.redhat.com/errata/RHSA-2026:1239
https://access.redhat.com/errata/RHSA-2026:1239
access.redhat.com/errata/RHSA-2026:1240
https://access.redhat.com/errata/RHSA-2026:1240
access.redhat.com/errata/RHSA-2026:1241
https://access.redhat.com/errata/RHSA-2026:1241
access.redhat.com/errata/RHSA-2026:1254
https://access.redhat.com/errata/RHSA-2026:1254
access.redhat.com/errata/RHSA-2026:1485
https://access.redhat.com/errata/RHSA-2026:1485
access.redhat.com/errata/RHSA-2026:14877
https://access.redhat.com/errata/RHSA-2026:14877
access.redhat.com/errata/RHSA-2026:1504
https://access.redhat.com/errata/RHSA-2026:1504
access.redhat.com/errata/RHSA-2026:1546
https://access.redhat.com/errata/RHSA-2026:1546
access.redhat.com/errata/RHSA-2026:1596
https://access.redhat.com/errata/RHSA-2026:1596
access.redhat.com/errata/RHSA-2026:1599
https://access.redhat.com/errata/RHSA-2026:1599
access.redhat.com/errata/RHSA-2026:1609
https://access.redhat.com/errata/RHSA-2026:1609
access.redhat.com/errata/RHSA-2026:1618
https://access.redhat.com/errata/RHSA-2026:1618
access.redhat.com/errata/RHSA-2026:1619
https://access.redhat.com/errata/RHSA-2026:1619
access.redhat.com/errata/RHSA-2026:1652
https://access.redhat.com/errata/RHSA-2026:1652
access.redhat.com/errata/RHSA-2026:1674
https://access.redhat.com/errata/RHSA-2026:1674
access.redhat.com/errata/RHSA-2026:1676
https://access.redhat.com/errata/RHSA-2026:1676
access.redhat.com/errata/RHSA-2026:1693
https://access.redhat.com/errata/RHSA-2026:1693
access.redhat.com/errata/RHSA-2026:1704
https://access.redhat.com/errata/RHSA-2026:1704
access.redhat.com/errata/RHSA-2026:1706
https://access.redhat.com/errata/RHSA-2026:1706
access.redhat.com/errata/RHSA-2026:1712
https://access.redhat.com/errata/RHSA-2026:1712
access.redhat.com/errata/RHSA-2026:1717
https://access.redhat.com/errata/RHSA-2026:1717
access.redhat.com/errata/RHSA-2026:1726
https://access.redhat.com/errata/RHSA-2026:1726
access.redhat.com/errata/RHSA-2026:1729
https://access.redhat.com/errata/RHSA-2026:1729
access.redhat.com/errata/RHSA-2026:1730
https://access.redhat.com/errata/RHSA-2026:1730
access.redhat.com/errata/RHSA-2026:1734
https://access.redhat.com/errata/RHSA-2026:1734
access.redhat.com/errata/RHSA-2026:1735
https://access.redhat.com/errata/RHSA-2026:1735
access.redhat.com/errata/RHSA-2026:1736
https://access.redhat.com/errata/RHSA-2026:1736
access.redhat.com/errata/RHSA-2026:17456
https://access.redhat.com/errata/RHSA-2026:17456
access.redhat.com/errata/RHSA-2026:17457
https://access.redhat.com/errata/RHSA-2026:17457
access.redhat.com/errata/RHSA-2026:17460
https://access.redhat.com/errata/RHSA-2026:17460
access.redhat.com/errata/RHSA-2026:17461
https://access.redhat.com/errata/RHSA-2026:17461
access.redhat.com/errata/RHSA-2026:17462
https://access.redhat.com/errata/RHSA-2026:17462
access.redhat.com/errata/RHSA-2026:17463
https://access.redhat.com/errata/RHSA-2026:17463
access.redhat.com/errata/RHSA-2026:1791
https://access.redhat.com/errata/RHSA-2026:1791
access.redhat.com/errata/RHSA-2026:1792
https://access.redhat.com/errata/RHSA-2026:1792
access.redhat.com/errata/RHSA-2026:1793
https://access.redhat.com/errata/RHSA-2026:1793
access.redhat.com/errata/RHSA-2026:1794
https://access.redhat.com/errata/RHSA-2026:1794
access.redhat.com/errata/RHSA-2026:1803
https://access.redhat.com/errata/RHSA-2026:1803
access.redhat.com/errata/RHSA-2026:1805
https://access.redhat.com/errata/RHSA-2026:1805
access.redhat.com/errata/RHSA-2026:1942
https://access.redhat.com/errata/RHSA-2026:1942
access.redhat.com/errata/RHSA-2026:1957
https://access.redhat.com/errata/RHSA-2026:1957
access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/errata/RHSA-2026:19712
access.redhat.com/errata/RHSA-2026:2106
https://access.redhat.com/errata/RHSA-2026:2106
access.redhat.com/errata/RHSA-2026:2126
https://access.redhat.com/errata/RHSA-2026:2126
access.redhat.com/errata/RHSA-2026:2137
https://access.redhat.com/errata/RHSA-2026:2137
access.redhat.com/errata/RHSA-2026:2139
https://access.redhat.com/errata/RHSA-2026:2139
access.redhat.com/errata/RHSA-2026:2144
https://access.redhat.com/errata/RHSA-2026:2144
access.redhat.com/errata/RHSA-2026:2256
https://access.redhat.com/errata/RHSA-2026:2256
access.redhat.com/errata/RHSA-2026:2456
https://access.redhat.com/errata/RHSA-2026:2456
access.redhat.com/errata/RHSA-2026:2500
https://access.redhat.com/errata/RHSA-2026:2500
access.redhat.com/errata/RHSA-2026:25127
https://access.redhat.com/errata/RHSA-2026:25127
access.redhat.com/errata/RHSA-2026:2563
https://access.redhat.com/errata/RHSA-2026:2563
access.redhat.com/errata/RHSA-2026:2681
https://access.redhat.com/errata/RHSA-2026:2681
access.redhat.com/errata/RHSA-2026:2695
https://access.redhat.com/errata/RHSA-2026:2695
access.redhat.com/errata/RHSA-2026:2717
https://access.redhat.com/errata/RHSA-2026:2717
access.redhat.com/errata/RHSA-2026:2718
https://access.redhat.com/errata/RHSA-2026:2718
access.redhat.com/errata/RHSA-2026:2723
https://access.redhat.com/errata/RHSA-2026:2723
access.redhat.com/errata/RHSA-2026:2728
https://access.redhat.com/errata/RHSA-2026:2728
access.redhat.com/errata/RHSA-2026:2760
https://access.redhat.com/errata/RHSA-2026:2760
access.redhat.com/errata/RHSA-2026:2762
https://access.redhat.com/errata/RHSA-2026:2762
access.redhat.com/errata/RHSA-2026:2764
https://access.redhat.com/errata/RHSA-2026:2764
access.redhat.com/errata/RHSA-2026:2765
https://access.redhat.com/errata/RHSA-2026:2765
access.redhat.com/errata/RHSA-2026:28043
https://access.redhat.com/errata/RHSA-2026:28043
access.redhat.com/errata/RHSA-2026:28441
https://access.redhat.com/errata/RHSA-2026:28441
access.redhat.com/errata/RHSA-2026:2900
https://access.redhat.com/errata/RHSA-2026:2900
access.redhat.com/errata/RHSA-2026:2911
https://access.redhat.com/errata/RHSA-2026:2911
access.redhat.com/errata/RHSA-2026:2919
https://access.redhat.com/errata/RHSA-2026:2919
access.redhat.com/errata/RHSA-2026:2924
https://access.redhat.com/errata/RHSA-2026:2924
access.redhat.com/errata/RHSA-2026:2925
https://access.redhat.com/errata/RHSA-2026:2925
access.redhat.com/errata/RHSA-2026:2926
https://access.redhat.com/errata/RHSA-2026:2926
access.redhat.com/errata/RHSA-2026:3296
https://access.redhat.com/errata/RHSA-2026:3296
access.redhat.com/errata/RHSA-2026:33154
https://access.redhat.com/errata/RHSA-2026:33154
access.redhat.com/errata/RHSA-2026:3406
https://access.redhat.com/errata/RHSA-2026:3406
access.redhat.com/errata/RHSA-2026:3444
https://access.redhat.com/errata/RHSA-2026:3444
access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
access.redhat.com/errata/RHSA-2026:3713
https://access.redhat.com/errata/RHSA-2026:3713
access.redhat.com/errata/RHSA-2026:3782
https://access.redhat.com/errata/RHSA-2026:3782
access.redhat.com/errata/RHSA-2026:3869
https://access.redhat.com/errata/RHSA-2026:3869
access.redhat.com/errata/RHSA-2026:3874
https://access.redhat.com/errata/RHSA-2026:3874
access.redhat.com/errata/RHSA-2026:3884
https://access.redhat.com/errata/RHSA-2026:3884
access.redhat.com/errata/RHSA-2026:3960
https://access.redhat.com/errata/RHSA-2026:3960
access.redhat.com/errata/RHSA-2026:4185
https://access.redhat.com/errata/RHSA-2026:4185
access.redhat.com/errata/RHSA-2026:4215
https://access.redhat.com/errata/RHSA-2026:4215
access.redhat.com/errata/RHSA-2026:4271
https://access.redhat.com/errata/RHSA-2026:4271
access.redhat.com/errata/RHSA-2026:4466
https://access.redhat.com/errata/RHSA-2026:4466
access.redhat.com/errata/RHSA-2026:4467
https://access.redhat.com/errata/RHSA-2026:4467
access.redhat.com/errata/RHSA-2026:5459
https://access.redhat.com/errata/RHSA-2026:5459
access.redhat.com/errata/RHSA-2026:6287
https://access.redhat.com/errata/RHSA-2026:6287
access.redhat.com/errata/RHSA-2026:6292
https://access.redhat.com/errata/RHSA-2026:6292
access.redhat.com/errata/RHSA-2026:8151
https://access.redhat.com/errata/RHSA-2026:8151
access.redhat.com/errata/RHSA-2026:8500
https://access.redhat.com/errata/RHSA-2026:8500
access.redhat.com/errata/RHSA-2026:8501
https://access.redhat.com/errata/RHSA-2026:8501
access.redhat.com/security/cve/CVE-2026-21441
https://access.redhat.com/security/cve/CVE-2026-21441
bugzilla.redhat.com/show_bug.cgi?id=2427726
https://bugzilla.redhat.com/show_bug.cgi?id=2427726
security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21441.json
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21441.json