CVE-2026-34519

LOW SEVERITY

Vulnerability Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.

Vulnerability Details

Published Date

April 01, 2026

Last Modified

April 03, 2026

CWE ID

CWE-113

Source

NVD

Vendor

aio-libs

Product

aiohttp

External References

https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w

CVE-2026-34519

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment