5 matches found
CVE-2026-54275
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...
CVE-2026-54275
CVE-2026-54275 (aiohttp) affects the aiohttp package prior to 3.14.1. The issue is a TLS server_hostname SNI check bypass that occurs when an existing connection is reused for multiple requests with different per-request server_hostname values. As a result, later requests to the same domain may r...
CVE-2026-54275 AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...
GHSA-4M7W-QMGQ-4WJ5 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
Summary The serverhostname TLS SNI check can be bypassed when an existing connection is reused. Impact If an application makes multiple requests to the same domain, but with different per-request serverhostname parameters, then the later calls may succeed by reusing the existing connection when...
PT-2026-49589
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description The server hostname TLS SNI Server Name Indication check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain using different per-reque...