PT-2026-51014 · Urllib3 · Urllib3/Urllib3

Published: 2026-06-19 · Updated: 2026-06-19 · CVE-2026-9375

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (preload_content=False) when Brotli support is in use. The issue arises from three independent code paths in response.py that bypass the max_length protection introduced in version 2.6.0 to mitigate CVE-2025-66471. Specifically, negative max_length values can be produced by the buffer arithmetic in read(); the flush_decoder path unconditionally overrides max_length to -1; and _flush_decoder() passes no limit at all, which defaults to unlimited decompression. A malicious HTTP server can exploit this to trigger an out-of-memory (OOM) condition by having large payloads decompressed into memory, leading to a denial of service (DoS). The vulnerability affects urllib3 2.6.3 with Brotli 1.2.0 and impacts applications and libraries that use requests or urllib3 to stream content from untrusted sources.
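The defensive pattern the three bypasses defeat is a per-call decode limit derived from a running byte budget. The following is an added example and not urllib3's own code: it uses the standard-library zlib decoder (not Brotli) to show a chunked reader, analogous to read(amt), that computes the limit from the remaining budget and never lets it become zero or negative (both of which zlib interprets as "no limit", the same failure class the advisory describes), so a constructed decompression bomb is stopped at the cap.

```python
import zlib


class DecodedSizeLimitExceeded(Exception):
    """Raised when decoded output would exceed the configured budget."""


def decode_bounded(compressed: bytes, max_decoded: int, chunk: int = 64 * 1024) -> bytes:
    """Decompress a zlib stream in chunks, enforcing a hard cap on decoded bytes.

    The cap is checked on every call, not only on the first one, so a limit
    cannot silently degrade to "unlimited" halfway through the stream.
    """
    if max_decoded <= 0:
        raise ValueError("max_decoded must be positive")
    decoder = zlib.decompressobj()
    out = bytearray()
    pending = compressed  # compressed input not yet consumed by the decoder
    while not decoder.eof:
        remaining = max_decoded - len(out)
        # Derive the per-call limit from the remaining budget and clamp it:
        # zlib treats max_length=0 as unlimited, and a negative value is exactly
        # the arithmetic bug the advisory describes. When the budget is spent
        # we still allow a 1-byte probe so the stream trailer can be consumed;
        # any real output from that probe proves the stream exceeds the cap.
        limit = min(chunk, remaining) if remaining > 0 else 1
        piece = decoder.decompress(pending, limit)
        if len(out) + len(piece) > max_decoded:
            raise DecodedSizeLimitExceeded(
                f"decoded output exceeds {max_decoded} bytes; refusing to continue"
            )
        out += piece
        pending = decoder.unconsumed_tail
        if not piece and not pending:
            # No input left and no output produced but the stream never ended.
            raise ValueError("truncated or stalled compressed stream")
    return bytes(out)


def make_bomb(size: int) -> bytes:
    """Constructed sample: highly compressible zeros, a toy decompression bomb."""
    return zlib.compress(b"\x00" * size, 9)


if __name__ == "__main__":
    bomb = make_bomb(4 * 1024 * 1024)  # ~4 KiB compressed, 4 MiB decoded
    try:
        decode_bounded(bomb, max_decoded=1_000_000)
    except DecodedSizeLimitExceeded as exc:
        print("blocked:", exc)
```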

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2026-9375

Affected Products

Urllib3/Urllib3