PT-2026-49594 · Pypi · Aiohttp

Published

2026-06-15

Updated

2026-06-15

CVE-2026-54280

CVSS v4.0

1.7

Low

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

Summary

Payload resources are not closed correctly when a client disconnects in the middle of a write.

Impact

If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection or similar closes the file.

Patch: https://github.com/aio-libs/aiohttp/commit/a762eda5242f6490d6ba667533193f8b473ad587

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

CVE-2026-54280

GHSA-9X8Q-7H8H-WCW9

Affected Products

Aiohttp

PT-2026-49594 · Pypi · Aiohttp

CVE-2026-54280

Summary

Impact

Weakness Enumeration

Related Identifiers

Affected Products

References · 4