urllib3 vulnerability CVE-2026-21441 and CVE-2025-66471

[ktnvda]

Description

There are some recent urllib3 potential vulnerabilities with the version being used in the latest pip 25.3. Can we get urllib3 patched to at least 2.6.3 and above, or some forked backported security fix into the urllib3 version 1.6.20+? See GHSA-38jv-5279-wg99 for details on the latest 2026 vulnerability.

Here is another report of a urllib3 vulnerability from December of 2025:
GHSA-2xpw-w6gg-jr37

Expected behavior

urllib3 is patched to 2.6.3 or higher, or some forked backported security fix in 1.26.20+, to fix these security vulnerabilities used in pip

pip version

25.3

Python version

3.12

OS

Linux, Mac

How to Reproduce

python -m venv venv
source venv/bin/activate
pip install pip==25.3

Output

cat venv/lib/python3.12/site-packages/pip/_vendor/urllib3/_version.py

This file is protected via CODEOWNERS

version = "1.26.20"

Code of Conduct

• I agree to follow the PSF Code of Conduct.

[notatallshaw]

Can we get urllib3 patched to at least 2.6.3 and above

No, upgrading urllib3 to 2.x is currently blocked by #12857

or some forked backported security fix into the urllib3 version 1.6.20+?

We can patch urllib3, but first it would be useful to know why upstream hasn’t addressed these advisories in 1.x.

See GHSA-38jv-5279-wg99 for details on the latest 2026 vulnerability. Here is another report of a urllib3 vulnerability from December of 2025: GHSA-2xpw-w6gg-jr37

Pip does not appear to be affected by GHSA-2xpw-w6gg-jr37, since decode_content=False is explicitly set.

GHSA-38jv-5279-wg99 could plausibly be triggered by a malicious index, causing high CPU or memory usage. That said, a malicious index can already return arbitrarily large API responses or malicious packages, leading to high CPU or memory usage or even arbitrary code execution, so I don't believe this is a meaningfully new security concern for pip.

[cosmicexplorer]

Streaming decompression while downloading from a network request introduces variable latencies which can be used for fingerprinting the client, but I'm not sure if/how this fits into pip's threat mosel. I'm also not immediately able to find a proof of concept for either of these github security advisories.