Vulnerability
Severity: HIGH
Package: urllib3@2.6.3
Advisory: GHSA-mf9v-mfxr-j63j / CVE-2026-44432
Affected component: py-sdk
Dependency type: direct (sdks/python/pyproject.toml → "urllib3>=1.26.0")
Note: Issue #828 tracks GHSA-qccp-gfcp-xxvc / CVE-2026-44431 (proxy credential leak via cross-origin redirect) for this package. This issue tracks a separate HIGH-severity advisory — a decompression-bomb DoS — not covered by #828. Both are fixed by upgrading to urllib3 ≥2.7.0.
Description
urllib3 2.6.0 up to (but not including) 2.7.0 contains a decompression bomb vulnerability. Two conditions trigger it:
1. During a second HTTPResponse.read(amt=N) call on a Brotli-compressed response, urllib3 decompresses the entire remaining response body instead of only the requested N bytes.
2. When HTTPResponse.drain_conn() is called after a partially-read decompressed response (regardless of compression algorithm), urllib3 again decompresses the full remaining body.
In both cases, a malicious HTTP server can send a small payload of highly compressed data. urllib3 then fully decompresses it in a single operation, triggering massive memory allocation and high CPU usage on the client — a classic decompression bomb / resource exhaustion attack.
Fix
Recommended version: urllib3 ≥2.7.0
Fix command:
pip install "urllib3>=2.7.0"
Or update the constraint in sdks/python/pyproject.toml:
dependencies = [
"urllib3>=2.7.0",
...
]
(This also resolves the credential-leak advisory tracked in #828, as both are fixed in 2.7.0.)
Risk Assessment
This is a direct runtime dependency of the Python SDK. The PMXT Python SDK (pmxt) depends on urllib3 for all HTTP communication with prediction market APIs. If any API endpoint (or a network-level attacker via MITM) returns a Brotli-compressed response while the SDK reads it in multiple chunks — or calls drain_conn() after partial reads — the client process can be forced to allocate unbounded memory, leading to OOM termination or severe CPU exhaustion. Prediction market data consumption typically involves high-frequency partial reads of streaming or paginated responses, which is precisely the pattern that triggers condition (1).
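For context on what "decompress only the requested N bytes" means in practice, the following is an added example (not urllib3's code or the SDK's): a bounded, incremental inflater that refuses to produce more output than a caller-supplied cap, so a small highly compressible payload cannot force a large allocation. It uses zlib/gzip from the standard library since Brotli is not in stdlib; the bomb payload and the cap are constructed here for illustration. In an SDK this guard would sit behind a read done with decode_content=False.

```python
import gzip
import zlib


class DecompressionBombError(ValueError):
    """Raised when inflating the input would exceed the allowed output size."""


def bounded_decompress(data: bytes, max_output: int, chunk: int = 65536) -> bytes:
    """Inflate zlib- or gzip-encoded data, never producing more than max_output bytes.

    zlib's decompressobj honours a max_length per call, so output grows in small
    steps and the remaining compressed input stays in unconsumed_tail. This is the
    behaviour the advisory expects of read(amt=N): decode only what was asked for.
    """
    # wbits=MAX_WBITS|32 auto-detects a zlib or gzip header.
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)
    out = bytearray()
    buf = data
    while buf and not d.eof:
        # Allow one byte beyond the cap so an overflow is detected, never request 0
        # (max_length=0 means "unlimited" to zlib).
        budget = max_output - len(out) + 1
        out += d.decompress(buf, min(chunk, budget))
        if len(out) > max_output:
            raise DecompressionBombError(
                f"decompressed output exceeds cap of {max_output} bytes"
            )
        buf = d.unconsumed_tail
    return bytes(out)


def is_bomb(data: bytes, max_output: int) -> bool:
    """True if inflating data would exceed max_output bytes (no large allocation made)."""
    try:
        bounded_decompress(data, max_output)
        return False
    except DecompressionBombError:
        return True


# Constructed samples: a benign zlib body, a benign gzip body, and a 16 MiB run of
# zeros that deflates to a few KiB (the "small payload of highly compressed data").
SMALL_ZLIB = zlib.compress(b"abc" * 1000)
SMALL_GZIP = gzip.compress(b"x" * 100)
SAMPLE_BOMB = zlib.compress(b"\0" * (16 * 1024 * 1024))

if __name__ == "__main__":
    print("bomb payload is", len(SAMPLE_BOMB), "bytes compressed")
    print("exceeds 1 MiB cap:", is_bomb(SAMPLE_BOMB, 1 << 20))
```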
Found by automated dependency vulnerability scan