CVE-2026-34993 in aiohttpinformação

Sumário

de MITRE • 03/06/2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Version 3.14.0 patches the issue. If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitize the files before loading.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

31/03/2026

Divulgação

03/06/2026

Moderação

aceite

Entrada

VDB-368053

CPE

pronto

CWE

CWE-502 (confirmado)

CVSS

6.4 (CNA)

EPSS

0.00055

KEV

não

Atividades

baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34993
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34993
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34993/

◂ Voltar Visão Geral Próximo ▸

Do you know our Splunk app?

Download it now for free!