By vendor
Aiohttp vulnerabilities
Known CVEs affecting Aiohttp products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-34993MEDIUM 6.4
AIOHTTP, a popular Python library for building asynchronous web applications, contains a vulnerability in its cookie handling mechanism. When the `CookieJar.load()` function processes untrusted cookie files, attackers can craft malicious files that execute arbitrary code on the affected system. However, the vulnerability requires specific conditions: an application must explicitly load cookies from attacker-controlled files, which is uncommon in typical deployments where cookie data comes from trusted sources or user profiles.