CVE-2026-34516

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4

Description A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially leading to a denial-of-service condition. Multipart headers were not subject to the same size restrictions as normal headers, potentially allowing a larger amount of data to be loaded into memory than expected.

Recommendations Update to version 3.13.4 or later.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CLEANSTART-2026-AN27706

CVE-2026-34516

ECHO-AC58-CDA1-4C8B

GHSA-M5QP-6W8W-W647

OESA-2026-2192

OESA-2026-2193

OESA-2026-2194

OPENSUSE-SU-2026:10545-1

Affected Products

Aiohttp

CVE-2026-34516

Weakness Enumeration

Related Identifiers

Affected Products

References · 65