PT-2026-29601 · Aiohttp · Aiohttp
Sg3-141-592 · Published 2026-04-01 · Updated 2026-05-14 · CVE-2026-22815
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
AIOHTTP versions prior to 3.13.4
Description
Insufficient restrictions in header/trailer handling could lead to uncapped memory usage. An application could experience memory exhaustion when processing attacker-controlled requests or responses. A vulnerable web application could mitigate these risks with a typical reverse proxy configuration.
Recommendations
Update to version 3.13.4 or later.
Fix
Allocation of Resources Without Limits
Resource Exhaustion
Related Identifiers
Affected Products
Aiohttp