CVE-2026-34993 in aiohttp

Summary

According to MITRE • 03/06/2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Version 3.14.0 patches the issue. If an application does allow attacker-controlled files to be loaded, a workaround on older releases would be to sanitize the files before loading.

Responsible

GitHub M

Reserved

31/03/2026

Disclosure

03/06/2026

Moderation

Accepted

Entry

VDB-368053

EPSS

0.00055

KEV

No

Activities

Low
