CVE-2026-21441

EUVD-2026-1188

07.01.2026, 22:15

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.

Data Amplification

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
python	urllib3	1.22 ≤ 𝑥 < 2.6.3

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

python-urllib3

bionic	ignored
focal	Fixed 1.25.8-2ubuntu0.4+esm3 released
jammy	Fixed 1.26.5-1~exp1ubuntu0.5 released
noble	Fixed 2.0.7-1ubuntu0.4 released
plucky	Fixed 2.3.0-2ubuntu0.3 released
questing	Fixed 2.3.0-3ubuntu0.2 released
resolute	not-affected
trusty	not-affected
xenial	not-affected

python-pip

bionic	ignored
focal	Fixed 20.0.2-5ubuntu1.11+esm4 released
jammy	needed
noble	needed
plucky	ignored
questing	needed
resolute	needed
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

python-urllib3

suse enterprise sap 12	1.25.10-3.48.4 fixed
suse enterprise sap 12 SP3	1.25.10-3.48.4 fixed
suse enterprise sap 12 SP4	1.25.10-3.48.4 fixed
suse enterprise sap 12 SP5	1.25.10-3.48.4 fixed
suse enterprise server 12	1.25.10-3.48.4 fixed
suse enterprise server 12 SP3	1.25.10-3.48.4 fixed
suse enterprise server 12 SP4	1.25.10-3.48.4 fixed
suse enterprise server 12 SP5	1.25.10-3.48.4 fixed

python3-urllib3

suse enterprise sap 12	1.25.10-3.48.4 fixed
suse enterprise sap 12 SP3	1.25.10-3.48.4 fixed
suse enterprise sap 12 SP4	1.25.10-3.48.4 fixed
suse enterprise sap 12 SP5	1.25.10-3.48.4 fixed
suse enterprise server 12	1.25.10-3.48.4 fixed
suse enterprise server 12 SP3	1.25.10-3.48.4 fixed
suse enterprise server 12 SP4	1.25.10-3.48.4 fixed
suse enterprise server 12 SP5	1.25.10-3.48.4 fixed
suse enterprise server 15 SP4	1.25.10-150300.4.21.1 fixed

python311-urllib3

suse enterprise desktop 15 SP7	2.0.7-150400.7.24.1 fixed
suse enterprise sap 15 SP7	2.0.7-150400.7.24.1 fixed
suse enterprise server 15 SP4	2.0.7-150400.7.24.1 fixed
suse enterprise server 15 SP7	2.0.7-150400.7.24.1 fixed

python311-urllib3_1

suse enterprise desktop 15 SP7	1.26.18-150600.3.6.1 fixed
suse enterprise sap 15 SP7	1.26.18-150600.3.6.1 fixed
suse enterprise server 15 SP7	1.26.18-150600.3.6.1 fixed

python36-urllib3

suse enterprise server 12 SP3

1.25.10-6.14.1

fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

fence-agents-aliyun

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-all

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-amt-ws

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-apc

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-apc-snmp

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-aws

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-azure-arm

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-bladecenter

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-brocade

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-cisco-mds

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-cisco-ucs

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-common

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-compute

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-drac5

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-eaton-snmp

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-emerson

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-eps

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-gce

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-heuristics-ping

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-hpblade

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ibm-powervs

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ibm-vpc

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ibmblade

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ifmib

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ilo-moonshot

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ilo-mp

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ilo-ssh

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ilo2

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-intelmodular

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ipdu

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-ipmilan

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-kdump

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-kubevirt

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-lpar

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-mpath

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-nutanix-ahv

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-openstack

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-redfish

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-rhevm

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-rsa

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-rsb

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-sbd

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-scsi

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-virsh

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-vmware-rest

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-vmware-soap

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-wti

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.4 AUS	0:4.2.1-65.el8_4.25 fixed
RHEL 8.6 AUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 8.6 TUS	0:4.2.1-89.el8_6.20 fixed
RHEL 8.8 E4S	0:4.2.1-112.el8_8.15 fixed
RHEL 8.8 TUS	0:4.2.1-112.el8_8.15 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-agents-zvm

RHEL 8	0:4.2.1-129.el8_10.20 fixed
RHEL 8.6 E4S	0:4.2.1-89.el8_6.20 fixed
RHEL 9	0:4.10.0-98.el9_7.4 fixed

fence-virt

RHEL 9

0:4.10.0-98.el9_7.4

fixed

fence-virtd

RHEL 9

0:4.10.0-98.el9_7.4

fixed

fence-virtd-cpg

RHEL 9

0:4.10.0-98.el9_7.4

fixed

fence-virtd-libvirt

RHEL 9

0:4.10.0-98.el9_7.4

fixed

fence-virtd-multicast

RHEL 9

0:4.10.0-98.el9_7.4

fixed

fence-virtd-serial

RHEL 9

0:4.10.0-98.el9_7.4

fixed

fence-virtd-tcp

RHEL 9

0:4.10.0-98.el9_7.4

fixed

ha-cloud-support

RHEL 9

0:4.10.0-98.el9_7.4

fixed

python3-urllib3

RHEL 9

0:1.26.5-6.el9_7.1

fixed

python3.11-urllib3

RHEL 9

0:1.26.12-5.el9_7.1

fixed

python3.12-urllib3

RHEL 9

0:1.26.19-1.el9_7.1

fixed

resource-agents

RHEL 8	0:4.9.0-54.el8_10.27 fixed
RHEL 8.4 AUS	0:4.1.1-90.el8_4.22 fixed
RHEL 8.6 E4S	0:4.9.0-16.el8_6.19 fixed
RHEL 8.6 TUS	0:4.9.0-16.el8_6.19 fixed
RHEL 8.8 E4S	0:4.9.0-40.el8_8.15 fixed
RHEL 8.8 TUS	0:4.9.0-40.el8_8.15 fixed

resource-agents-aliyun

RHEL 8	0:4.9.0-54.el8_10.27 fixed
RHEL 8.4 AUS	0:4.1.1-90.el8_4.22 fixed
RHEL 8.6 E4S	0:4.9.0-16.el8_6.19 fixed
RHEL 8.6 TUS	0:4.9.0-16.el8_6.19 fixed
RHEL 8.8 E4S	0:4.9.0-40.el8_8.15 fixed
RHEL 8.8 TUS	0:4.9.0-40.el8_8.15 fixed

resource-agents-gcp

RHEL 8	0:4.9.0-54.el8_10.27 fixed
RHEL 8.4 AUS	0:4.1.1-90.el8_4.22 fixed
RHEL 8.6 E4S	0:4.9.0-16.el8_6.19 fixed
RHEL 8.6 TUS	0:4.9.0-16.el8_6.19 fixed
RHEL 8.8 E4S	0:4.9.0-40.el8_8.15 fixed
RHEL 8.8 TUS	0:4.9.0-40.el8_8.15 fixed

resource-agents-paf

RHEL 8	0:4.9.0-54.el8_10.27 fixed
RHEL 8.6 E4S	0:4.9.0-16.el8_6.19 fixed
RHEL 8.6 TUS	0:4.9.0-16.el8_6.19 fixed
RHEL 8.8 E4S	0:4.9.0-40.el8_8.15 fixed
RHEL 8.8 TUS	0:4.9.0-40.el8_8.15 fixed

Common Weakness Enumeration

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

References

https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b

https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99

https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html