PT-2026-29604 · Aiohttp · Aiohttp
Nvn1729 · Published 2026-04-01 · Updated 2026-05-18
CVE-2026-34515
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
AIOHTTP versions prior to 3.13.4
Description
Prior to version 3.13.4, on Windows, the static resource handler in AIOHTTP may expose information about an NTLMv2 remote path. An attacker could potentially extract the hash from the NTLMv2 path and then extract user credentials.
Recommendations
Update AIOHTTP to version 3.13.4 or later.
Fix
SSRF
Affected Products
Aiohttp