1. CVE-2026-44432: urllib3 Streaming API Flaws Allow Decompression-Bomb Attacks Against Python Clients
A pair of high-severity decompression-bomb vulnerabilities have been identified in urllib3 versions 2.6.0 through 2.6.x (prior to 2.7.0), exposing applications that rely on the library's streaming API to resource-exhaustion attacks. Tracked as CVE-2026-44432 with a CVSS v4.0 score of 8.9, the flaws allow a malicious se...