urllib3 1.23-2.6.x Sensitive Header Leak via ProxyManager (CVE-2026-44431)
CVE-2026-44431 Published on May 13, 2026

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2026-44431 has been classified as an Information Disclosure vulnerability or weakness.


Affected Versions

urllib3 Version >= 1.23, < 2.7.0 is affected by CVE-2026-44431
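
For code that has to stay on an affected version, one option is to pass redirect=False to the low-level urlopen() call and build each follow-up request by hand, dropping credentials when the origin changes. The Python below is an added example, not urllib3's code or the fix shipped in 2.7.0; the header list, the function names and the `send` callback are assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: headers treated as sensitive; the advisory text does not list them.
SENSITIVE_HEADERS = frozenset({"authorization", "cookie", "proxy-authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_STATUSES = frozenset({301, 302, 303, 307, 308})


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(request_url, location, headers):
    """Resolve Location and drop sensitive headers if the origin changes."""
    next_url = urljoin(request_url, location)  # Location may be relative
    if origin(next_url) == origin(request_url):
        return next_url, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return next_url, kept


def fetch(send, url, headers, max_redirects=5):
    """Follow redirects by hand and return (final_url, status).

    `send(url, headers)` is a hypothetical callback returning (status, location).
    It must not follow redirects itself, e.g. it wraps urlopen(..., redirect=False).
    """
    for _ in range(max_redirects + 1):
        status, location = send(url, headers)
        if status not in REDIRECT_STATUSES or not location:
            return url, status
        # Headers stay stripped for all later hops, even back to the first origin.
        url, headers = headers_for_redirect(url, location, headers)
    raise RuntimeError("redirect limit exceeded")
```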