PT-2026-49593 · Pypi · Aiohttp
Published
2026-06-15
·
Updated
2026-06-15
·
CVE-2026-54279
CVSS v4.0
1.3
Low
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U |
Summary
Host-only cookies that are saved with
CookieJar.save() and then restored later with CookieJar.load() lose their host-only status.Impact
Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed.
Fix
Improper Initialization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aiohttp