CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

CVE-2026-34513 AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

CVE-2026-34513

CVE-2026-34513 affects aiohttp prior to 3.13.4, where an unbounded DNS cache could cause excessive memory usage leading to a DoS. The issue has been patched in 3.13.4. Affected component: aiohttp (async HTTP client/server for asyncio). Root cause: unbounded DNS cache memory growth. Impact: potent...

CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

GHSA-W2FM-2CPV-W7V5 aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage

Summary Insufficient restrictions in header/trailer handling could cause uncapped memory usage. Impact An application could cause memory exhaustion when receiving an attacker controlled request or response. A vulnerable web application could mitigate these risks with a typical reverse proxy...

EUVD-2026-18029

aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage...

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1346 more potentially affected by CVE-2026-22815 via aiohttp (>=0.13.1 <=3.13.3)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-22815 Source advisory: OSV:GHSA-W2FM-2CPV-W7V5...

aiohttp 安全漏洞

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained security vulnerabilities; these vulnerabilities stemmed from unlimited DNS caching, which could lead to excessive...

PT-2026-29607

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description When following redirects to a different origin, aiohttp removes the Authorization header while keeping the Cookie and Proxy-Authorization headers. This could lead to the leakage of sensitive...

aiohttp 安全漏洞

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained security vulnerabilities; these vulnerabilities stemmed from insufficient handling of headers or trailers, which...

PT-2026-29605

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially leading to a denial-of-service condition. Multipart headers were not subject to...

aiohttp 信息泄露漏洞

aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Prior to version 3.13.4 of aiohttp, there was an information leakage vulnerability. This vulnerability occurred when aiohttp discarded the Authorization header...

aiohttp 注入漏洞

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained a injection vulnerability. This vulnerability allowed attackers to inject additional headers or perform similar...

aiohttp 注入漏洞

aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Prior to version 3.13.4 of AIOHTTP, there was an injection vulnerability; this vulnerability stemmed from the C parser allowing empty bytes and control...

PT-2026-29602

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...

PT-2026-29610

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Multiple Host headers were permitted in AIOHTTP, potentially allowing a reverse proxy's security rules to be bypassed. This could lead to a request being processed by AIOHTTP in a privileged sub...