CVE-2025-66418

Published: Dec 5, 2025

Modified: Dec 5, 2025

PUBLISHED

Description

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.
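As an added example (not code from urllib3 or from this advisory), the following Python triage helper checks a client's urllib3 version against the affected range and measures the Content-Encoding chain depth of a logged response. The function names, the `MAX_CODINGS` threshold and the sample records are assumptions constructed for illustration.

```python
import re

AFFECTED_FROM = (1, 24, 0)   # advisory: starting in version 1.24
FIXED_IN = (2, 6, 0)         # advisory: fixed in 2.6.0
MAX_CODINGS = 2              # assumed local policy, not a value from the advisory


def release_tuple(version):
    """Numeric release part of a version string, padded to three fields.

    Pre-release and local suffixes (for example 'rc1') are ignored.
    """
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if match is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True when the version falls in the advisory's range >= 1.24, < 2.6.0."""
    return AFFECTED_FROM <= release_tuple(version) < FIXED_IN


def coding_chain(header_values):
    """Ordered list of codings across all Content-Encoding header values."""
    chain = []
    for value in header_values:
        chain.extend(t.strip().lower() for t in value.split(",") if t.strip())
    return chain


def triage(urllib3_version, header_values, limit=MAX_CODINGS):
    """Classify one logged response seen by a client running urllib3_version."""
    depth = len(coding_chain(header_values))
    if depth <= limit:
        return "ok"
    return "alert" if is_affected(urllib3_version) else "anomalous"


# Constructed sample records: (client urllib3 version, Content-Encoding values).
SAMPLES = [
    ("1.26.18", ["gzip"]),
    ("2.5.0", ["gzip, gzip, gzip, gzip, gzip, gzip"]),
    ("2.6.0", ["gzip, deflate", "gzip"]),
    ("1.23", ["br"]),
]

if __name__ == "__main__":
    for version, values in SAMPLES:
        print(version, len(coding_chain(values)), triage(version, values))
```

An "alert" result means a deep chain reached a client in the affected range; "anomalous" means the chain is deep but the client version is outside it.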

Vendor: urllib3
Product: urllib3
Status: affected
Versions: >= 1.24, < 2.6.0

Weaknesses (CWE)