- What: Security vulnerability fixed in pip for Ubuntu
- Impact: Could allow denial of service via resource exhaustion
USN-8344-3: pip vulnerability

Publication date: 3 June 2026

Overview

A regression was fixed in pip.

Releases

- 26.04 LTS
- 24.04 LTS
- 22.04 LTS

Packages

- python-pip - Python package installer

Details

USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue. We apologize for the inconvenience.

Original advisory details:

It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66471)

Update instructions

In general, a standard system update will make all the necessary changes. The problem can be corrected by updating your system to the following package versions:

| Ubuntu Release | Package | Version |
|---|---|---|
| 26.04 LTS resolute | python3-pip | 25.1.1+dfsg-1ubuntu2+esm3 |
| 26.04 LTS resolute | python3-pip-whl | 25.1.1+dfsg-1ubuntu2+esm3 |
| 24.04 LTS noble | python3-pip | 24.0+dfsg-1ubuntu1.3+esm3 |
| 24.04 LTS noble | python3-pip-whl | 24.0+dfsg-1ubuntu1.3+esm3 |
| 22.04 LTS jammy | python3-pip | 22.0.2+dfsg-1ubuntu0.7+esm3 |
| 22.04 LTS jammy | python3-pip-whl | 22.0.2+dfsg-1ubuntu0.7+esm3 |

Every version listed above is marked Ubuntu Pro: fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future.

References

- CVE-2025-66471

Related notices

- USN-8344-1
- USN-7927-1
- USN-7927-2
- USN-7927-3
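The original advisory details describe streaming decompression of highly compressed data exhausting resources. The following added example (not code from pip, urllib3 or this notice) shows the general defence for that class of problem using the standard library's `zlib`: cap the output of each decompression step and enforce a total budget. The function names, the limits and the zero-filled sample are assumptions constructed for illustration.

```python
import zlib

class OutputLimitExceeded(Exception):
    """Raised when a stream inflates past the caller's budget."""

def bounded_inflate(compressed_chunks, step=16 * 1024, max_total=1024 * 1024):
    """Inflate a zlib stream, yielding at most `step` bytes per piece.

    `step` and `max_total` are assumed example limits, not pip/urllib3 values.
    """
    d = zlib.decompressobj()
    total = 0
    for pending in compressed_chunks:
        while True:
            # max_length caps the output of this call; input left unread
            # because of the cap is kept in unconsumed_tail for the next call.
            out = d.decompress(pending, step)
            pending = d.unconsumed_tail
            if not out:
                break  # this input chunk is fully drained
            total += len(out)
            if total > max_total:
                raise OutputLimitExceeded(f"more than {max_total} bytes of output")
            yield out

def make_sample(size):
    """Constructed sample: `size` zero bytes, compressed, split into 1 KiB chunks."""
    blob = zlib.compress(b"\0" * size, 9)
    return blob, [blob[i:i + 1024] for i in range(0, len(blob), 1024)]

def demo():
    blob, chunks = make_sample(8 * 1024 * 1024)
    # Unbounded call: a single decompress() materialises the whole expansion.
    unbounded_len = len(zlib.decompressobj().decompress(blob))
    produced, largest, stopped = 0, 0, False
    try:
        for piece in bounded_inflate(chunks):
            produced += len(piece)
            largest = max(largest, len(piece))
    except OutputLimitExceeded:
        stopped = True
    return len(blob), unbounded_len, produced, largest, stopped

if __name__ == "__main__":
    print(demo())
```
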