CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/01 8:13 p.m.•0 views

CVE-2026-34516 AIOHTTP: Multipart Header Size Bypass

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

8.7CVSS5.8AI score0.0002EPSS

AlpineLinux•added 2026/04/01 8:13 p.m.•2 views

CVE-2026-34516

8.7CVSS5.4AI score0.0002EPSS

ATTACKERKB•added 2026/04/01 8:13 p.m.•2 views

CVE-2026-34516

8.7CVSS5.7AI score0.0002EPSS

CVE•added 2026/04/01 8:13 p.m.•10 views

CVE-2026-34516

This CVE concerns AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may cause higher memory usage, enabling a DoS vulnerability. The issue has been patched in 3.13.4. Affected: AIOHTTP up...

8.7CVSS5.7AI score0.0002EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/01 8:13 p.m.•21 views

CVE-2026-34516 AIOHTTP: Multipart Header Size Bypass

8.7CVSS0.0002EPSS

Debian CVE•added 2026/04/01 8:13 p.m.•3 views

CVE-2026-34516

8.7CVSS5.2AI score0.0002EPSS

Debian CVE•added 2026/04/01 8:10 p.m.•3 views

CVE-2026-34515

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4...

8.7CVSS5.4AI score0.00022EPSS

AlpineLinux•added 2026/04/01 8:10 p.m.•2 views

CVE-2026-34515

8.7CVSS5.5AI score0.00022EPSS

ATTACKERKB•added 2026/04/01 8:10 p.m.•5 views

CVE-2026-34515

8.7CVSS5.8AI score0.00022EPSS

Vulnrichment•added 2026/04/01 8:10 p.m.•2 views

CVE-2026-34515 AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

8.7CVSS5.8AI score0.00022EPSS

ATTACKERKB•added 2026/04/01 8:9 p.m.•5 views

CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.00015EPSS

Vulnrichment•added 2026/04/01 8:9 p.m.•5 views

CVE-2026-34514 AIOHTTP: CRLF injection in multipart part content type header construction

6.9CVSS5.8AI score0.00015EPSS

Debian CVE•added 2026/04/01 8:9 p.m.•4 views

CVE-2026-34514

6.9CVSS5.3AI score0.00015EPSS

Cvelist•added 2026/04/01 8:9 p.m.•23 views

CVE-2026-34514 AIOHTTP: CRLF injection in multipart part content type header construction

6.9CVSS0.00015EPSS

AlpineLinux•added 2026/04/01 8:9 p.m.•2 views

CVE-2026-34514

6.9CVSS5.4AI score0.00015EPSS

Vulnrichment•added 2026/04/01 8:8 p.m.•0 views

CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.0002EPSS

vulnersOsv•added 2026/04/01 8:8 p.m.•2 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1217 more potentially affected by CVE-2026-22815 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-22815 Source advisory: SNYK:PYTHON-AIOHTTP-15873739...

7.5CVSS5.4AI score0.0002EPSS