CVE-2026-34993 in aiohttpthông tin

Tóm tắt

Bởi MITRE • 03/06/2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Version 3.14.0 patches the issue. If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitize the files before loading.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

31/03/2026

Tiết lộ

03/06/2026

Kiểm duyệt

được chấp nhận

mục

VDB-368053

CPE

sẵn sàng

CWE

CWE-502 (Đã xác nhận)

CVSS

6.4 (CNA)

EPSS

0.00055

KEV

không

Các hoạt động

thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34993
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34993
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34993/

◂ Trước Tổng Quan Tiếp theo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!