2 matches found
EUVD-2026-18035
AIOHTTP Affected by Denial of Service DoS via Unbounded DNS Cache in TCPConnector...
CVE-2026-34518
CVE-2026-34518 affects aiohttp prior to 3.13.4: during cross-origin redirects, the client/server framework drops the Authorization header but keeps Cookie and Proxy-Authorization headers. This could expose sensitive cookie-related data across origins. The issue is fixed in aiohttp 3.13.4.