CVE-2026-34514

LOW SEVERITY

Vulnerability Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.

Vulnerability Details

Published Date

April 01, 2026

Last Modified

April 03, 2026

CWE ID

CWE-113

Source

NVD

Vendor

aio-libs

Product

aiohttp

External References

https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5

CVE-2026-34514

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment