diff --git a/CVE-2026-44431.patch b/CVE-2026-44431.patch
new file mode 100644
index 0000000..6af45c9
--- /dev/null
+++ b/CVE-2026-44431.patch
@@ -0,0 +1,39 @@
+From 5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc Mon Sep 17 00:00:00 2001
+From: illia-v
+Subject: [PATCH] CVE-2026-44431: Remove sensitive headers in proxy pools too
+
+Sensitive headers (Authorization, Cookie, Proxy-Authorization) were
+already stripped when PoolManager handled cross-host redirects, but not
+when a pool obtained via ProxyManager.connection_from_url() handled
+redirects directly through connectionpool.urlopen(). This adds the same
+header-stripping logic to connectionpool.py.
+
+Upstream fix: https://github.com/urllib3/urllib3/commit/5ec0de49
+---
+ src/urllib3/connectionpool.py | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
+index 5f66cd25..2b3a7f1c 100644
+--- a/src/urllib3/connectionpool.py
++++ b/src/urllib3/connectionpool.py
+@@ -690,6 +690,17 @@ class HTTPConnectionPool(ConnectionPool, RequestMethods):
+ body = None
+ headers = HTTPHeaderDict(headers)._prepare_for_method_change()
+ 
++ # Strip headers marked as unsafe to forward to the redirected location.
++ # Check remove_headers_on_redirect to avoid a potential network call within
++ # self.is_same_host() which may use socket.gethostbyname() in the future.
++ if (retries.remove_headers_on_redirect
++ and not self.is_same_host(redirect_location)):
++ if not isinstance(headers, HTTPHeaderDict):
++ headers = HTTPHeaderDict(headers or {})
++ for header in list(six.iterkeys(headers)):
++ if header.lower() in retries.remove_headers_on_redirect:
++ headers.pop(header, None)
++
+ try:
+ retries = retries.increment(method, url, response=response, _pool=self)
+ except MaxRetryError:
+-- 
+2.52.0
diff --git a/python-urllib3.spec b/python-urllib3.spec
index ddc7c54..2687fa6 100644
--- a/python-urllib3.spec
+++ b/python-urllib3.spec
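Review bot: The new comparison `if header.lower() in retries.remove_headers_on_redirect:` only ever strips a header if the entries of `retries.remove_headers_on_redirect` are already lower-cased, and nothing in this patch normalizes them. Upstream's Retry started lower-casing that set in its constructor in the 1.25 series; as far as I can tell the 1.24.2 Retry stores the caller's frozenset verbatim (default `frozenset(['Authorization'])`), so `'authorization' in {'Authorization'}` is False and the backport would be a silent no-op for the very header it is meant to remove — please confirm against retry.py and the existing PoolManager redirect code on this branch, neither of which is in the hunk. A backport that does not depend on that detail normalizes at the comparison site: `blocked = {h.lower() for h in retries.remove_headers_on_redirect}` before the loop and `if header.lower() in blocked:` inside it. The `isinstance(headers, HTTPHeaderDict)` guard looks redundant, since the preceding context line already wraps `headers` in `HTTPHeaderDict` (assuming `_prepare_for_method_change()` returns that same object). The enclosing `urlopen` starts and ends outside the hunk, and a regression test that drives a cross-host redirect through a pool obtained from `ProxyManager.connection_from_url()` and asserts the Authorization header is absent from the follow-up request would pin the fix on this branch.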
@@ -2,7 +2,7 @@ Name: python-%{srcname} Version: 1.24.2 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post License: MIT @@ -59,6 +59,13 @@ Patch7: CVE-2025-66471.patch Patch8: CVE-2025-66418.patch Patch9: CVE-2026-21441.patch +# CVE-2026-44431 +# Sensitive headers were stripped on cross-host redirects by PoolManager but not +# by pools obtained via ProxyManager.connection_from_url(), allowing headers such +# as Authorization, Cookie and Proxy-Authorization to leak to the redirected host. +# Upstream fix: https://github.com/urllib3/urllib3/commit/5ec0de49 +Patch10: CVE-2026-44431.patch + %description Python HTTP module with connection pooling and file POST abilities. @@ -159,6 +166,10 @@ popd %changelog +* Wed Jun 03 2026 Lumír Balhar - 1.24.2-10 +- Security fix for CVE-2026-44431 +Resolves: RHEL-184858 + * Wed Dec 17 2025 Miro Hrončok - 1.24.2-9 - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418