diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt
index 4f63f79aac5..7ba565c4057 100644
--- a/homeassistant/package_constraints.txt
+++ b/homeassistant/package_constraints.txt
@@ -55,6 +55,7 @@ scapy==2.5.0
 SQLAlchemy==2.0.23
 typing-extensions>=4.9.0,<5.0
 ulid-transform==0.9.0
+urllib3>=1.26.5,<2
 voluptuous-serialize==2.6.0
 voluptuous==0.13.1
 webrtc-noise-gain==1.2.3
@@ -65,11 +66,6 @@ zeroconf==0.131.0
 # see https://github.com/home-assistant/core/pull/16238
 pycryptodome>=3.6.6
 
-# Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
-# Temporary setting an upper bound, to prevent compat issues with urllib3>=2
-# https://github.com/home-assistant/core/issues/97248
-urllib3>=1.26.5,<2
-
 # Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
 # https://github.com/advisories/GHSA-93xj-8mrv-444m
 httplib2>=0.19.0
diff --git a/pyproject.toml b/pyproject.toml
index c7f9622faa1..067275eaedb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -54,6 +54,10 @@ dependencies    = [
     "requests==2.31.0",
     "typing-extensions>=4.9.0,<5.0",
     "ulid-transform==0.9.0",
+    # Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
+    # Temporary setting an upper bound, to prevent compat issues with urllib3>=2
+    # https://github.com/home-assistant/core/issues/97248
+    "urllib3>=1.26.5,<2",
     "voluptuous==0.13.1",
     "voluptuous-serialize==2.6.0",
     "yarl==1.9.4",
diff --git a/requirements.txt b/requirements.txt
index 2cac92b4972..55cbdc31730 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -30,6 +30,7 @@ PyYAML==6.0.1
 requests==2.31.0
 typing-extensions>=4.9.0,<5.0
 ulid-transform==0.9.0
+urllib3>=1.26.5,<2
 voluptuous==0.13.1
 voluptuous-serialize==2.6.0
 yarl==1.9.4
diff --git a/script/gen_requirements_all.py b/script/gen_requirements_all.py
index 3cecff68fb0..7f652b14302 100755
--- a/script/gen_requirements_all.py
+++ b/script/gen_requirements_all.py
@@ -59,11 +59,6 @@ CONSTRAINT_BASE = """
 # see https://github.com/home-assistant/core/pull/16238
 pycryptodome>=3.6.6
 
-# Constrain urllib3 to ensure we deal with CVE-2020-26137 and CVE-2021-33503
-# Temporary setting an upper bound, to prevent compat issues with urllib3>=2
-# https://github.com/home-assistant/core/issues/97248
-urllib3>=1.26.5,<2
-
 # Constrain httplib2 to protect against GHSA-93xj-8mrv-444m
 # https://github.com/advisories/GHSA-93xj-8mrv-444m
 httplib2>=0.19.0