Lucene search
K

5 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

7.5CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:34 p.m.27 views

CVE-2026-54275

CVE-2026-54275 (aiohttp) affects the aiohttp package prior to 3.14.1. The issue is a TLS server_hostname SNI check bypass that occurs when an existing connection is reused for multiple requests with different per-request server_hostname values. As a result, later requests to the same domain may r...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:34 p.m.34 views

CVE-2026-54275 AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

6.9CVSS0.00266EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 8:11 p.m.4 views

GHSA-4M7W-QMGQ-4WJ5 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

Summary The serverhostname TLS SNI check can be bypassed when an existing connection is reused. Impact If an application makes multiple requests to the same domain, but with different per-request serverhostname parameters, then the later calls may succeed by reusing the existing connection when...

6.9CVSS5.4AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49589

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description The server hostname TLS SNI Server Name Indication check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain using different per-reque...

6.9CVSS5.8AI score0.00266EPSS
Exploits0References4
Rows per page
Query Builder