VDB

RHSA-2026%3A24542

RHSA-2026%3A24542 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64 as a component of Red Hat AI Inference Server 3.4*, *, *
Red Hatregistry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64 as a component of Red Hat AI Inference Server 3.4*, *, *
urllib3urllib3

Timeline

  • Jun 8, 2026 CVE Published
  • Jun 9, 2026 Distribution Patch
  • Jun 9, 2026 Distribution Patch
  • Jun 9, 2026 Security Advisory
  • Jun 9, 2026 Security Advisory
  • Jun 9, 2026 Security Advisory
  • Jun 23, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›