CVE-2026-44431

EUVD-2026-30046
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

EPSS Score percentile: 40%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| python | urllib3 | 1.23 ≤ 𝑥 < 2.7.0 |

𝑥 = Vulnerable software versions
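
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| python-urllib3 | bookworm | | vulnerable |
| python-urllib3 | bookworm (security) | 1.26.12-1+deb12u4 | fixed |
| python-urllib3 | bullseye | | vulnerable |
| python-urllib3 | bullseye (security) | 1.26.5-1~exp1+deb11u4 | fixed |
| python-urllib3 | forky | | vulnerable |
| python-urllib3 | sid | | vulnerable |
| python-urllib3 | trixie | | vulnerable |
| python-urllib3 | trixie (security) | 2.3.0-3+deb13u2 | fixed |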

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| python-urllib3 | suse enterprise sap 12 | 1.25.10-3.51.1 | fixed |
| python-urllib3 | suse enterprise sap 12 SP3 | 1.25.10-3.51.1 | fixed |
| python-urllib3 | suse enterprise sap 12 SP4 | 1.25.10-3.51.1 | fixed |
| python-urllib3 | suse enterprise sap 12 SP5 | 1.25.10-3.51.1 | fixed |
| python-urllib3 | suse enterprise server 12 | 1.25.10-3.51.1 | fixed |
| python-urllib3 | suse enterprise server 12 SP3 | 1.25.10-3.51.1 | fixed |
| python-urllib3 | suse enterprise server 12 SP4 | 1.25.10-3.51.1 | fixed |
| python-urllib3 | suse enterprise server 12 SP5 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise sap 12 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise sap 12 SP3 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise sap 12 SP4 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise sap 12 SP5 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise sap 15 SP4 | 1.25.10-150300.4.27.1 | fixed |
| python3-urllib3 | suse enterprise sap 15 SP5 | 1.25.10-150300.4.27.1 | fixed |
| python3-urllib3 | suse enterprise sap 15 SP6 | 1.25.10-150300.4.27.1 | fixed |
| python3-urllib3 | suse enterprise server 12 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise server 12 SP3 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise server 12 SP4 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise server 12 SP5 | 1.25.10-3.51.1 | fixed |
| python3-urllib3 | suse enterprise server 15 SP4 | 1.25.10-150300.4.27.1 | fixed |
| python3-urllib3 | suse enterprise server 15 SP5 | 1.25.10-150300.4.27.1 | fixed |
| python3-urllib3 | suse enterprise server 15 SP6 | 1.25.10-150300.4.27.1 | fixed |
| python311-urllib3 | suse enterprise desktop 15 SP7 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise sap 15 SP4 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise sap 15 SP5 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise sap 15 SP6 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise sap 15 SP7 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise server 15 SP4 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise server 15 SP5 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise server 15 SP6 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3 | suse enterprise server 15 SP7 | 2.0.7-150400.7.30.1 | fixed |
| python311-urllib3_1 | suse enterprise desktop 15 SP7 | 1.26.18-150600.3.9.1 | fixed |
| python311-urllib3_1 | suse enterprise sap 15 SP6 | 1.26.18-150600.3.9.1 | fixed |
| python311-urllib3_1 | suse enterprise sap 15 SP7 | 1.26.18-150600.3.9.1 | fixed |
| python311-urllib3_1 | suse enterprise server 15 SP6 | 1.26.18-150600.3.9.1 | fixed |
| python311-urllib3_1 | suse enterprise server 15 SP7 | 1.26.18-150600.3.9.1 | fixed |
| python36-urllib3 | suse enterprise server 12 SP3 | 1.25.10-6.17.1 | fixed |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| python3-urllib3 | RHEL 9 | 0:1.26.5-8.el9_8 | fixed |
| python3.12-urllib3 | RHEL 9 | 0:1.26.19-3.el9_8 | fixed |
| python3.14-urllib3 | RHEL 9 | 0:2.6.3-2.el9_8 | fixed |

Amazon Linux Releases

| Amazon Package | Release | Version | Status |
|---|---|---|---|
| python-urllib3 | Amazon Linux 2 | 0:1.25.9-1.amzn2.0.10 | fixed |
| python3-urllib3 | Amazon Linux 2 | 0:1.25.6-2.amzn2.0.6 | fixed |
| python3-urllib3 | Amazon Linux 2023 | 0:1.25.10-5.amzn2023.0.7 | fixed |

Azure Linux Releases

| Azure Package | Release | Version | Status |
|---|---|---|---|
| python-urllib3 | Azure Linux 3.0 | 0:2.0.7-5.azl3 | fixed |