1. urllib3 CVE-2026-44431: Low-Level API Flaw Allows Sensitive Header Leakage Across Origins
A critical vulnerability in urllib3 versions prior to 2.7.0 enables unauthorized exfiltration of sensitive authentication headers during cross-origin redirects. The flaw is specific to the low-level `ProxyManager.connection_from_url().urlopen(..., assert_same_host=False)` API pathway, which, unlike its high-level ...