SEC-002: Fix urllib3 Decompression-Bomb Vulnerability (CVE-2026-21441)

Background

Dependabot alert #8 identified a high-severity decompression-bomb vulnerability in urllib3 version 2.6.0. The vulnerability (GHSA-38jv-5279-wg99 / CVE-2026-21441) could allow malicious servers to trigger excessive resource consumption on the client through HTTP redirects when using the streaming API.

Vulnerability Details

  • GHSA ID: GHSA-38jv-5279-wg99
  • CVE ID: CVE-2026-21441
  • Severity: High (CVSS 4.0 Score: 8.9)
  • CWE: CWE-409 (Improper Handling of Highly Compressed Data)
  • Affected Versions: urllib3 >= 1.22, < 2.6.3
  • Published: January 7, 2026

Technical Details

urllib3's streaming API (preload_content=False) is designed for efficient handling of large HTTP responses by reading content in chunks. However, for HTTP redirect responses, the library would:

  1. Read the entire response body to drain the connection
  2. Decompress the content unnecessarily before any read methods were called
  3. Ignore configured read limits for decompressed data

This created a decompression-bomb attack vector where a malicious server could exploit redirects to trigger high CPU usage and large memory allocations (data amplification attack).

Changes

requirements.txt

Updated urllib3 minimum version from >=2.6.0 to >=2.6.3:

- urllib3>=2.6.0
+ urllib3>=2.6.3
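Review bot: raising only the lower bound in requirements.txt does not by itself move an environment that has already resolved urllib3 2.6.0; the fix only takes effect once the Docker images are rebuilt or the Python environment is re-resolved, as the Testing section notes. Consider stating that explicitly in the PR body, and if the project also carries a lockfile or pinned image layer, include that update in this change so the version check `pip show urllib3 | grep Version` cannot pass on a stale install.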

Additional Fixes

While investigating dependencies, also fixed:

  • qs (Node.js dependency): Updated to >=6.14.1 via npm audit fix to address GHSA-6rw7-vpxm-498p (arrayLimit bypass DoS)

Testing

Verify urllib3 Version

# After rebuilding Docker images or updating Python environment
pip show urllib3 | grep Version
# Should show: Version: 2.6.3 or higher

Security Audit

# Node.js dependencies
npm audit
# Should report: found 0 vulnerabilities

# GitHub Dependabot
gh api repos/admonstrator/paperless-ai-next/dependabot/alerts/8
# Should show: "state": "fixed" or "dismissed"

Functional Testing

RAG service functionality remains unchanged - streaming content handling continues to work correctly with the patched version.

Impact

Security

  • Eliminated: High-severity decompression-bomb attack vector (CVSS 8.9)
  • Protected: Client systems from memory exhaustion attacks via malicious redirects
  • Hardened: Streaming API behavior against data amplification attacks

Performance

No performance impact - the fix prevents unnecessary decompression on redirects, which could actually improve performance in redirect scenarios.

Functionality

  • ✅ RAG service continues to function normally
  • ✅ HTTP streaming API behavior unchanged for normal responses
  • ✅ Redirect handling now more secure and efficient

Remediation Details

urllib3 v2.6.3 addresses the vulnerability by:

  • Not decoding content of redirect responses when preload_content=False
  • Preventing unnecessary decompression before read methods are called
  • Ensuring configured read limits apply to decompressed data
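The property the Technical Details and Remediation Details sections describe, a read limit that is enforced on decompressed output rather than on compressed input, is easy to get wrong in any streaming client. The example below is added here to illustrate it and is not code from this PR or from urllib3: it inflates a gzip body chunk by chunk with Python's zlib and aborts the moment the output would exceed a cap, so a small on-the-wire body cannot expand into a large allocation. The fixture body, the cap of 64 KiB, and the helper names are all constructed for the example.

```python
"""Added example (not from the PR or urllib3): a chunked gzip reader that caps
the number of *decompressed* bytes it will ever produce."""
import gzip
import io
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised as soon as the decompressed output would exceed the cap."""


def make_highly_compressible_body(size: int = 1 << 20) -> bytes:
    """Constructed fixture: `size` zero bytes, gzip-compressed.

    A run of identical bytes compresses by roughly three orders of magnitude,
    so a body of about a kilobyte on the wire stands in for the amplification
    a read limit has to guard against. Made up for this example.
    """
    return gzip.compress(b"\0" * size)


def bounded_decompress(compressed: bytes, max_decompressed: int,
                       chunk_size: int = 4096) -> bytes:
    """Inflate gzip data, never producing more than `max_decompressed` bytes.

    The cap is applied to output, not to compressed input, and it is checked
    after every chunk so the caller never holds an oversized buffer.
    """
    if max_decompressed < 1:
        raise ValueError("max_decompressed must be positive")
    # 16 + MAX_WBITS tells zlib to expect a gzip wrapper around the deflate stream.
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
    out = bytearray()
    source = io.BytesIO(compressed)  # stands in for a socket or response stream
    pending = b""
    while True:
        if not pending:
            pending = source.read(chunk_size)
            if not pending:
                break
        budget = max_decompressed - len(out)
        # Ask for at most budget + 1 bytes: max_length=0 would mean "unlimited",
        # and one byte over budget is exactly the condition we want to detect.
        out += inflater.decompress(pending, budget + 1)
        if len(out) > max_decompressed:
            raise DecompressionLimitExceeded(
                f"decompressed output exceeds {max_decompressed} bytes")
        # Input zlib could not process because the output buffer was full is
        # returned here and fed back in before reading more from the source.
        pending = inflater.unconsumed_tail
    # Anything still buffered inside zlib at end of input counts against the cap too.
    out += inflater.flush()
    if len(out) > max_decompressed:
        raise DecompressionLimitExceeded(
            f"decompressed output exceeds {max_decompressed} bytes")
    return bytes(out)


def within_limit(compressed: bytes, max_decompressed: int) -> bool:
    """True if the body inflates to at most `max_decompressed` bytes, False if
    the reader had to abort early. Mirrors the accept/reject decision a client
    should make before treating a body, or a redirect body, as safe to drain.
    """
    try:
        bounded_decompress(compressed, max_decompressed)
    except DecompressionLimitExceeded:
        return False
    return True


if __name__ == "__main__":
    body = make_highly_compressible_body()
    print(f"wire size {len(body)} bytes; accepted under a 64 KiB cap: "
          f"{within_limit(body, 64 * 1024)}")
```

The point of the `budget + 1` request is that zlib's `max_length` argument treats zero as unlimited, so a reader that computes "remaining budget" and passes it straight through silently loses its cap at the exact moment the budget reaches zero; the same class of off-by-one is what makes "read limits for decompressed data" worth stating as an explicit requirement of the fix.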

Alternative Mitigation (if upgrade not possible)

If upgrading is not immediately possible, disable redirects by setting redirect=False for requests to untrusted sources.

Integration Date

January 9, 2026