{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "rhel8-4-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8-6-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/cups", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/gcc-toolset-13-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/gcc-toolset-14-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/gcc-toolset-15-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/grafana", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/mariadb-1011", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/mariadb-103", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/mariadb-105", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/memcached", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/mysql-80", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/net-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/nodejs-24", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/pcp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/perl-526", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/php-74", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/postgresql-12", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/postgresql-13", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/postgresql-15", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/postgresql-16", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/python-36", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/redis-6", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/rsyslog", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/ruby-25", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/support-tools", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel8/varnish-6", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8-init/ubi8-init", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/nodejs-24", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/perl-526", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/php-74", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/python-36", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/ruby-25", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/ubi", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/ubi-init", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi8/ubi8", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-nutanix-ahv", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "platform-python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.24.2-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-gcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-paf", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:1224"}, {"url": "https://access.redhat.com/errata/RHSA-2026:1226"}, {"url": "https://access.redhat.com/errata/RHSA-2026:1240"}, {"url": "https://access.redhat.com/errata/RHSA-2026:1241"}, {"url": "https://access.redhat.com/errata/RHSA-2026:1254"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n\n* urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n\n* urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2026-21441."}, {"lang": "en", "value": "The CVE program describes this issue as: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}, {"lang": "en", "value": "The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n\n* urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n\n* urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}, {"lang": "en", "value": "The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n\n* urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n\n* urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-07T22:09:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "rhel9-0-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-2-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-4-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-6-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-eus/rhel-9.4-bootc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-eus/rhel-9.6-bootc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-eus/rhel-9.6-bootc-image-builder", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/bootc-image-builder", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/cups", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/fdo-manufacturing-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/fdo-owner-onboarding-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/fdo-rendezvous-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/fdo-serviceinfo-api-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/gcc-toolset-13-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/gcc-toolset-14-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/gcc-toolset-15-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/grafana", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/keylime-registrar", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/keylime-verifier", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/mariadb-1011", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/mariadb-105", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/memcached", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/mysql-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/mysql-84", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/net-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/nginx-120", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/nginx-126", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/nodejs-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/pcp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/perl-532", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/php-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/php-83", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/postgresql-13", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/postgresql-15", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/postgresql-16", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/python-312-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/realtime-tests", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/redis-6", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/redis-7", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/rhel-bootc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/rsyslog", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/rteval", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/rtla", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/ruby-30", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/squid", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/support-tools", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/valkey-8", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9/varnish-6", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9-init/ubi9-init", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/nginx-120", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/nginx-126", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/nodejs-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/perl-532", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/php-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/php-83", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/python-312-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/ruby-30", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/ubi", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/ubi-init", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/ubi-stig", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ubi9/ubi9", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-nutanix-ahv", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-virt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-virtd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-virtd-cpg", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-virtd-libvirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-virtd-multicast", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-virtd-serial", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-virtd-tcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ha-cloud-support", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.5-6.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-5.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:1087"}, {"url": "https://access.redhat.com/errata/RHSA-2026:1088"}, {"url": "https://access.redhat.com/errata/RHSA-2026:1089"}, {"url": "https://access.redhat.com/errata/RHSA-2026:1239"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n\n* urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n\n* urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2026-21441."}, {"lang": "en", "value": "The CVE program describes this issue as: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}, {"lang": "en", "value": "The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n\n* urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n\n* urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-07T22:09:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "python3-pip", "platforms": ["jammy", "noble"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "python3-pip-whl", "platforms": ["jammy", "noble"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "python-pip-whl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:20.0.2-5ubuntu1.11+esm4", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:20.0.2-5ubuntu1.11+esm4", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.25.8-2ubuntu0.4+esm3", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.5-1~exp1ubuntu0.5", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.0.7-1ubuntu0.4", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python-pip", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "python-pip-whl", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "python-urllib3", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "python3-pip", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "python3-urllib3", "platforms": ["bionic"], "defaultStatus": "unknown"}, {"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://ubuntu.com/security/CVE-2026-21441"}, {"url": "https://ubuntu.com/security/notices/USN-7955-1"}, {"url": "https://ubuntu.com/security/notices/USN-7955-2"}, {"url": "https://ubuntu.com/security/notices/USN-8010-1"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "not defined"}, {"lang": "en", "value": "urllib3 is an HTTP client library for Python. urllib3's streaming API isdesigned for the efficient handling of large HTTP responses by reading thecontent in chunks, rather than loading the entire response body into memoryat once. urllib3 can perform decoding or decompression based on the HTTP`Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). Whenusing the streaming API, the library decompresses only the necessary bytes,enabling partial content consumption. Starting in version 1.22 and prior toversion 2.6.3, for HTTP redirect responses, the library would read theentire response body to drain the connection and decompress the contentunnecessarily. This decompression occurred even before any read methodswere called, and configured read limits did not restrict the amount ofdecompressed data. As a result, there was no safeguard againstdecompression bombs. A malicious server could exploit this to triggerexcessive resource consumption on the client. Applications and librariesare affected when they stream content from untrusted sources by setting`preload_content=False` when they do not disable redirects. Users shouldupgrade to at least urllib3 v2.6.3, in which the library does not decodecontent of redirect responses when `preload_content=False`. If upgrading isnot immediately possible, disable redirects by setting `redirect=False` forrequests to untrusted source."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2000-01-01T00:00:00Z", "x_subShortName": "canonical"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.26.12-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.26.5-1~exp1+deb11u3", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.0-3+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2026-01-17T00:00:00.000Z", "x_subShortName": "debian"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "almalinux", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el10_1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-21441", "name": "CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n  * urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n  * urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2026-01-26T00:00:00Z", "x_subShortName": "alma_10"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "almalinux", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.24.2-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-21441", "name": "CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n  * urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n  * urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2026-01-26T00:00:00Z", "x_subShortName": "alma_8"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "almalinux", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-nutanix-ahv", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-zvm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-virt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-virtd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-virtd-cpg", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-virtd-libvirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-virtd-multicast", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-virtd-serial", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-virtd-tcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "ha-cloud-support", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.5-6.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-5.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-21441", "name": "CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n  * urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n  * urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}, {"lang": "en", "value": "The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.   \n\nSecurity Fix(es):  \n\n  * urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418)\n  * urllib3: urllib3 Streaming API improperly handles highly compressed data (CVE-2025-66471)\n  * urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2026-01-26T00:00:00Z", "x_subShortName": "alma_9"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"high\"}"}}}], "affected": [{"vendor": "fedora", "product": "mingw-python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.6.3-1.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "mingw-python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.6.3-1.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.6.3-1.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-2b6dfd7c83"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-724d1b1044"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8b7270b473"}], "descriptions": [{"lang": "en", "value": "### 2.6.3 (2026-01-07)\n\n- Fixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n[`GHSA-38jv-5279-wg99`](https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99),\n[`CVE-2026-21441`](https://www.cve.org/CVERecord?id=CVE-2026-21441)\n- Started treating `Retry-After` times greater than 6 hours as 6 hours by default."}, {"lang": "en", "value": "mingw-python-urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-01-10T01:38:26Z", "x_subShortName": "fedora"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"IMPORTANT\"}"}}}], "affected": [{"vendor": "oraclelinux", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el10_1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-nutanix-ahv", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.24.2-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "resource-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-nutanix-ahv", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-virt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-virtd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-virtd-cpg", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-virtd-libvirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-virtd-multicast", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-virtd-serial", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-virtd-tcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "ha-cloud-support", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.5-6.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-5.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://linux.oracle.com/cve/CVE-2026-21441.html"}], "descriptions": [{"lang": "en", "value": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000006", "shortName": "oraclelinux", "dateUpdated": "2026-01-26T00:00:00Z", "x_subShortName": "oraclelinux"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el10_1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el10_1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.14-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-21441"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"}, {"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-07T22:09:01Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-urllib3", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2026-21441."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-07T22:09:00Z", "x_subShortName": "redhat_6"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python-urllib3", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-gcp", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-sap", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana-scaleout", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "sap-cluster-connector", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2026-21441."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-07T22:09:00Z", "x_subShortName": "redhat_7"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "rocky", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el10_1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el10_1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aliyun-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-azure-arm-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kdump-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kubevirt-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.20", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.24.2-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.24.2-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-2.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-aliyun-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-gcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-paf", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.27", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kdump-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kubevirt-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-nutanix-ahv", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-zvm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virt-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-cpg", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-cpg-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-libvirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-libvirt-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-multicast", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-multicast-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-serial", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-serial-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-tcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-virtd-tcp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "ha-cloud-support", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "ha-cloud-support-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.10.0-98.el9_7.4", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.5-6.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.5-6.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3.11-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.12-5.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3.12-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.19-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"}], "descriptions": [{"lang": "en", "value": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) (CVE-2026-21441)"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000004", "shortName": "rocky", "dateUpdated": "2026-02-11T09:10:22Z", "x_subShortName": "rocky"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python311-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.0.7-150400.7.24.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-public-cloud:15:sp4", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp4", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp7", "cpe:/o:suse:sles_teradata:15:sp4", "cpe:/o:suse:suse-manager-proxy:4.3", "cpe:/o:suse:suse-manager-retail-branch-server:4.3"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.25.10-150300.4.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python311-urllib3_1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.18-150600.3.6.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1256331"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441", "name": "Mitre CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002454.html", "name": "RHSA-2026:1240"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002467.html", "name": "RHSA-2026:1619"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002462.html", "name": "RHSA-2026:1704"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002464.html", "name": "RHSA-2026:1706"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002468.html", "name": "RHSA-2026:1729"}, {"url": "https://www.suse.com/security/cve/CVE-2026-21441", "name": "SUSE CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023893.html", "name": "SUSE-SU-2026:0255-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024105.html", "name": "SUSE-SU-2026:0443-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024387.html", "name": "SUSE-SU-2026:0635-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043740.html", "name": "SUSE-SU-2026:20131-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023945.html", "name": "SUSE-SU-2026:20157-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024214.html", "name": "SUSE-SU-2026:20270-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024321.html", "name": "SUSE-SU-2026:20364-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024616.html", "name": "SUSE-SU-2026:20591-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-01-24T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.25.10-150300.4.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python311-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.0.7-150400.7.24.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python311-urllib3_1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.18-150600.3.6.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1256331"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441", "name": "Mitre CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002454.html", "name": "RHSA-2026:1240"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002467.html", "name": "RHSA-2026:1619"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002462.html", "name": "RHSA-2026:1704"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002464.html", "name": "RHSA-2026:1706"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002468.html", "name": "RHSA-2026:1729"}, {"url": "https://www.suse.com/security/cve/CVE-2026-21441", "name": "SUSE CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023893.html", "name": "SUSE-SU-2026:0255-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024105.html", "name": "SUSE-SU-2026:0443-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024387.html", "name": "SUSE-SU-2026:0635-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043740.html", "name": "SUSE-SU-2026:20131-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023945.html", "name": "SUSE-SU-2026:20157-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024214.html", "name": "SUSE-SU-2026:20270-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024321.html", "name": "SUSE-SU-2026:20364-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024616.html", "name": "SUSE-SU-2026:20591-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-01-24T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python313-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.5.0-160000.3.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python313-urllib3_1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.20-160000.3.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1256331"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441", "name": "Mitre CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002454.html", "name": "RHSA-2026:1240"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002467.html", "name": "RHSA-2026:1619"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002462.html", "name": "RHSA-2026:1704"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002464.html", "name": "RHSA-2026:1706"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002468.html", "name": "RHSA-2026:1729"}, {"url": "https://www.suse.com/security/cve/CVE-2026-21441", "name": "SUSE CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023893.html", "name": "SUSE-SU-2026:0255-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024105.html", "name": "SUSE-SU-2026:0443-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024387.html", "name": "SUSE-SU-2026:0635-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043740.html", "name": "SUSE-SU-2026:20131-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023945.html", "name": "SUSE-SU-2026:20157-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024214.html", "name": "SUSE-SU-2026:20270-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024321.html", "name": "SUSE-SU-2026:20364-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024616.html", "name": "SUSE-SU-2026:20591-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-01-29T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "amazon", "product": "python-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.15", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.25.9-1.amzn2.0.9", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python2-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.15", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.15", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.25.6-2.amzn2.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2026-02-05T23:22:00Z", "x_subShortName": "alas_2"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "amazon", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "21.3.1-2.amzn2023.0.16", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "21.3.1-2.amzn2023.0.16", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.25.10-5.amzn2023.0.6", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.11-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "22.3.1-2.amzn2023.0.10", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.11-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "22.3.1-2.amzn2023.0.10", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.12-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "23.2.1-4.amzn2023.0.7", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.12-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "23.2.1-4.amzn2023.0.7", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.13-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "24.2-259.amzn2023.0.3", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.13-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "24.2-259.amzn2023.0.3", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2026-02-05T22:03:00Z", "x_subShortName": "alas_2023"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"HIGH\"}"}}}], "affected": [{"vendor": "pypi", "product": "urllib3", "versions": [{"status": "affected", "version": "1.22", "lessThan": "2.6.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/urllib3/urllib3"}, {"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"}, {"url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"}], "descriptions": [{"lang": "en", "value": "### Impact\n\nurllib3's [streaming API](https://urllib3.readthedocs.io/en/2.6.2/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.\n\nurllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption.\n\nHowever, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client (high CPU usage and large memory allocations for decompressed data; CWE-409).\n\n### Affected usages\n\nApplications and libraries using urllib3 version 2.6.2 and earlier to stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects.\n\n\n### Remediation\n\nUpgrade to at least urllib3 v2.6.3 in which the library does not decode content of redirect responses when `preload_content=False`.\n\nIf upgrading is not immediately possible, disable [redirects](https://urllib3.readthedocs.io/en/2.6.2/user-guide.html#retrying-requests) by setting `redirect=False` for requests to untrusted source."}, {"lang": "en", "value": "Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)"}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "pypi", "dateUpdated": "2026-01-07T19:18:14Z", "x_subShortName": "pypi"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "SUSE bug 1256331"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441", "name": "Mitre CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002454.html", "name": "RHSA-2026:1240"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002467.html", "name": "RHSA-2026:1619"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002462.html", "name": "RHSA-2026:1704"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002464.html", "name": "RHSA-2026:1706"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-February/002468.html", "name": "RHSA-2026:1729"}, {"url": "https://www.suse.com/security/cve/CVE-2026-21441", "name": "SUSE CVE-2026-21441"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023893.html", "name": "SUSE-SU-2026:0255-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024105.html", "name": "SUSE-SU-2026:0443-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024387.html", "name": "SUSE-SU-2026:0635-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043740.html", "name": "SUSE-SU-2026:20131-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023945.html", "name": "SUSE-SU-2026:20157-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024214.html", "name": "SUSE-SU-2026:20270-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024321.html", "name": "SUSE-SU-2026:20364-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024616.html", "name": "SUSE-SU-2026:20591-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-05T00:00:00Z", "x_subShortName": "suse_server_12"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*"], "vendor": "python", "product": "urllib3", "versions": [{"status": "affected", "version": "1.22", "lessThan": "2.6.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b", "tags": ["patch"]}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html"}], "descriptions": [{"lang": "en", "value": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-409", "description": "CWE-409"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2026-01-07T22:15:44Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2026-21441", "state": "PUBLISHED", "dateUpdated": "2026-01-23T09:15:47Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-07T22:15:44Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.0"}