new file mode 100644
@@ -0,0 +1,68 @@
+From 34d76b00dabde81a793bd06dd8ecb057838c4b38 Mon Sep 17 00:00:00 2001
+From: Seth Michael Larson <seth@python.org>
+Date: Sun, 25 Jan 2026 11:05:15 -0600
+Subject: [PATCH] [3.10] gh-143925: Reject control characters in data: URL
+ mediatypes (#144115)
+
+(cherry picked from commit f25509e78e8be6ea73c811ac2b8c928c28841b9f)
+(cherry picked from commit 2c9c746077d8119b5bcf5142316992e464594946)
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38]
+CVE: CVE-2025-15282
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Lib/test/test_urllib.py | 8 ++++++++
+ Lib/urllib/request.py | 5 +++++
+ .../2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst | 1 +
+ 3 files changed, 14 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst
+
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index 82f1d9dc2e7bb3..b08fc8f2b19463 100644
+--- a/Lib/test/test_urllib.py
++++ b/Lib/test/test_urllib.py
+@@ -11,6 +11,7 @@
+ from test import support
+ from test.support import os_helper
+ from test.support import warnings_helper
++from test.support import control_characters_c0
+ import os
+ try:
+ import ssl
+@@ -683,6 +684,13 @@ def test_invalid_base64_data(self):
+ # missing padding character
+ self.assertRaises(ValueError,urllib.request.urlopen,'data:;base64,Cg=')
+
++ def test_invalid_mediatype(self):
++ for c0 in control_characters_c0():
++ self.assertRaises(ValueError,urllib.request.urlopen,
++ f'data:text/html;{c0},data')
++ for c0 in control_characters_c0():
++ self.assertRaises(ValueError,urllib.request.urlopen,
++ f'data:text/html{c0};base64,ZGF0YQ==')
+
+ class urlretrieve_FileTests(unittest.TestCase):
+ """Test urllib.urlretrieve() on local files"""
+diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
+index 6edde1f73189b1..c378a86a70cbeb 100644
+--- a/Lib/urllib/request.py
++++ b/Lib/urllib/request.py
+@@ -1654,6 +1654,11 @@ def data_open(self, req):
+ scheme, data = url.split(":",1)
+ mediatype, data = data.split(",",1)
+
++ # Disallow control characters within mediatype.
++ if re.search(r"[\x00-\x1F\x7F]", mediatype):
++ raise ValueError(
++ "Control characters not allowed in data: mediatype")
++
+ # even base64 encoded data URLs might be quoted so unquote in any case:
+ data = unquote_to_bytes(data)
+ if mediatype.endswith(";base64"):
+diff --git a/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst b/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst
+new file mode 100644
+index 00000000000000..46109dfbef3ee7
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst
+@@ -0,0 +1 @@
++Reject control characters in ``data:`` URL media types.
@@ -41,6 +41,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://CVE-2025-13836.patch \
file://CVE-2025-13837.patch \
file://CVE-2025-12084.patch \
+ file://CVE-2025-15282.patch \
"
SRC_URI:append:class-native = " \