CVE-2026-21441 | urllib3 up to 2.6.2 Streaming API preload_content Content-Encoding data amplification (GHSA-38jv-5279-wg99)

A vulnerability marked as problematic has been reported in urllib3 up to 2.6.2. Affected is the function preload_content of the component Streaming API. Performing a manipulation of the argument Content-Encoding results in highly compressed data.

This vulnerability is reported as CVE-2026-21441. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More