PT-2026-29608 · Aiohttp · Aiohttp

Dhiral2908 · Published 2026-04-01 · Updated 2026-05-18 · CVE-2026-34519

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

AIOHTTP versions prior to 3.13.4

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. An attacker who controls the reason parameter when creating a Response may be able to inject extra headers or carry out similar exploits. If untrusted data is used in the reason parameter, the response can be manipulated to send unintended data.

Recommendations

Update to version 3.13.4 or later.
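For code that passes a caller-supplied reason phrase to a response, the following added example (not aiohttp code and not the upstream fix) validates the phrase before use and shows, with a simplified serializer, what an unvalidated phrase does to the response head. It assumes line-break characters in the phrase are what carries the injected header; `safe_reason`, `serialize_head`, `header_names` and the sample values are hypothetical names constructed for the illustration.

```python
import re
from http import HTTPStatus
from typing import Dict, List, Optional

# HTAB, SP and visible ASCII only: stricter than RFC 9112's reason-phrase,
# which also allows obs-text (bytes 0x80-0xFF). CR, LF and NUL never match.
_REASON_OK = re.compile(r"[\t\x20-\x7e]+")


def safe_reason(status: int, reason: Optional[str]) -> str:
    """Return `reason` if it is a valid phrase, else the standard phrase for `status`."""
    if reason is not None and _REASON_OK.fullmatch(reason):
        return reason
    try:
        return HTTPStatus(status).phrase
    except ValueError:  # non-standard status code
        return "Unknown"


def serialize_head(status: int, reason: str, headers: Dict[str, str]) -> bytes:
    """Simplified model of writing a response head (not aiohttp's serializer)."""
    lines = [f"HTTP/1.1 {status} {reason}"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_names(head: bytes) -> List[str]:
    """Header names a recipient would parse out of the serialized head."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    return [ln.split(b":", 1)[0].decode("latin-1") for ln in lines]


# Constructed sample input: a reason string taken from an untrusted source.
UNTRUSTED = "Not Found\r\nX-Injected: 1"
HEADERS = {"Content-Type": "text/plain"}

if __name__ == "__main__":
    raw = serialize_head(404, UNTRUSTED, HEADERS)
    print("unvalidated:", header_names(raw))
    fixed = serialize_head(404, safe_reason(404, UNTRUSTED), HEADERS)
    print("validated:  ", header_names(fixed))
```

The same check applies at any point where request data flows into a `reason` argument; it complements the upgrade to 3.13.4 or later rather than replacing it.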

Related Identifiers

CLEANSTART-2026-AN27706
CVE-2026-34519
ECHO-ABE8-B546-AD42
GHSA-MWH4-6H8G-PG8W
OESA-2026-2192
OESA-2026-2193
OESA-2026-2194

Affected Products

Aiohttp