CVE-2026-34514

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4

Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. An attacker controlling the content type parameter in aiohttp could inject extra headers or similar exploits. If an application allows untrusted data to be used for the multipart content type parameter when constructing a request, an attacker may be able to manipulate the request.

Recommendations Update to version 3.13.4 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-113

Related Identifiers

CLEANSTART-2026-AN27706

CVE-2026-34514

ECHO-2E96-17F7-CC4B

GHSA-2VRM-GR82-F7M5

OESA-2026-2192

OESA-2026-2193

OESA-2026-2194

OPENSUSE-SU-2026:10490-1

Affected Products

Aiohttp

CVE-2026-34514

Weakness Enumeration

Related Identifiers

Affected Products

References · 64