Aiohttp · Aiohttp · CVE-2026-22815
Name of the Vulnerable Software and Affected Versions
AIOHTTP versions prior to 3.13.4
Description
Insufficient restrictions in header/trailer handling could lead to uncapped memory usage. An application could experience memory exhaustion when processing attacker-controlled requests or responses. A vulnerable web application could mitigate these risks with a typical reverse proxy configuration.
Recommendations
Update to version 3.13.4 or later.