{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"python-aiohttp security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for python-aiohttp is now available for openEuler-24.03-LTS-SP1",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Async http client/server framework (asyncio).\n\nSecurity Fix(es):\n\nInsufficient restrictions in header/trailer handling could cause uncapped memory usage.(CVE-2026-22815)\n\nAn unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.(CVE-2026-34513)\n\nAn attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits.(CVE-2026-34514)\n\nA response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability.(CVE-2026-34516)\n\nFor some multipart form fields, aiohttp read the entire field into memory before checking client_max_size.(CVE-2026-34517)\n\nWhen following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers.(CVE-2026-34518)\n\naiohttp is vulnerable to HTTP response splitting attacks. An attacker can insert carriage return (\\r) characters in the reason phrase to craft malicious responses, leading to response splitting attacks. This vulnerability affects aiohttp versions up to and including 3.13.3.(CVE-2026-34519)\n\nThe llhttp parser in aiohttp accepts null bytes and control characters in response header values, which could allow attackers to perform HTTP header injection attacks and bypass security restrictions.(CVE-2026-34520)\n\naiohttp is a Python asynchronous HTTP client/server framework. In version 3.13.3 and earlier, there is a security vulnerability that allows accepting duplicate Host headers, which may lead to HTTP request smuggling attacks. Attackers could exploit this vulnerability to bypass security controls or perform man-in-the-middle attacks.(CVE-2026-34525)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for python-aiohttp is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"python-aiohttp",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2026-2192",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
			},
			{
				"summary":"CVE-2026-22815",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-22815&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34513",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34513&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34514",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34514&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34516",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34516&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34517",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34517&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34518",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34518&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34519",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34519&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34520",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34520&packageName=python-aiohttp"
			},
			{
				"summary":"CVE-2026-34525",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34525&packageName=python-aiohttp"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22815"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34513"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34514"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34516"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34517"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34518"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34519"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34520"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34525"
			},
			{
				"summary":"openEuler-SA-2026-2192 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2192.json"
			}
		],
		"title":"An update for python-aiohttp is now available for openEuler-24.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2026-05-03T18:08:24+08:00",
			"revision_history":[
				{
					"date":"2026-05-03T18:08:24+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2026-05-03T18:08:24+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2026-05-03T18:08:24+08:00",
			"id":"openEuler-SA-2026-2192",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"openEuler-24.03-LTS-SP1",
									"name":"openEuler-24.03-LTS-SP1"
								},
								"name":"openEuler-24.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.x86_64.rpm",
									"name":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.x86_64.rpm"
								},
								"name":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.x86_64.rpm",
									"name":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.x86_64.rpm"
								},
								"name":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python-aiohttp-help-3.13.5-1.oe2403sp1.x86_64.rpm",
									"name":"python-aiohttp-help-3.13.5-1.oe2403sp1.x86_64.rpm"
								},
								"name":"python-aiohttp-help-3.13.5-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python3-aiohttp-3.13.5-1.oe2403sp1.x86_64.rpm",
									"name":"python3-aiohttp-3.13.5-1.oe2403sp1.x86_64.rpm"
								},
								"name":"python3-aiohttp-3.13.5-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python-aiohttp-3.13.5-1.oe2403sp1.src.rpm",
									"name":"python-aiohttp-3.13.5-1.oe2403sp1.src.rpm"
								},
								"name":"python-aiohttp-3.13.5-1.oe2403sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.aarch64.rpm",
									"name":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.aarch64.rpm"
								},
								"name":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.aarch64.rpm",
									"name":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.aarch64.rpm"
								},
								"name":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python-aiohttp-help-3.13.5-1.oe2403sp1.aarch64.rpm",
									"name":"python-aiohttp-help-3.13.5-1.oe2403sp1.aarch64.rpm"
								},
								"name":"python-aiohttp-help-3.13.5-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"python3-aiohttp-3.13.5-1.oe2403sp1.aarch64.rpm",
									"name":"python3-aiohttp-3.13.5-1.oe2403sp1.aarch64.rpm"
								},
								"name":"python3-aiohttp-3.13.5-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.x86_64",
					"name":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python-aiohttp-debugsource-3.13.5-1.oe2403sp1.x86_64",
					"name":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python-aiohttp-help-3.13.5-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python-aiohttp-help-3.13.5-1.oe2403sp1.x86_64",
					"name":"python-aiohttp-help-3.13.5-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python3-aiohttp-3.13.5-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python3-aiohttp-3.13.5-1.oe2403sp1.x86_64",
					"name":"python3-aiohttp-3.13.5-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python-aiohttp-3.13.5-1.oe2403sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python-aiohttp-3.13.5-1.oe2403sp1.src",
					"name":"python-aiohttp-3.13.5-1.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.aarch64",
					"name":"python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python-aiohttp-debugsource-3.13.5-1.oe2403sp1.aarch64",
					"name":"python-aiohttp-debugsource-3.13.5-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python-aiohttp-help-3.13.5-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python-aiohttp-help-3.13.5-1.oe2403sp1.aarch64",
					"name":"python-aiohttp-help-3.13.5-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"python3-aiohttp-3.13.5-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:python3-aiohttp-3.13.5-1.oe2403sp1.aarch64",
					"name":"python3-aiohttp-3.13.5-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2026-22815",
			"notes":[
				{
					"text":"Insufficient restrictions in header/trailer handling could cause uncapped memory usage.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP1:python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:python-aiohttp-debugsource-3.13.5-1.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:python-aiohttp-help-3.13.5-1.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:python3-aiohttp-3.13.5-1.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:python-aiohttp-3.13.5-1.oe2403sp1.src",
					"openEuler-24.03-LTS-SP1:python-aiohttp-debuginfo-3.13.5-1.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:python-aiohttp-debugsource-3.13.5-1.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:python-aiohttp-help-3.13.5-1.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:python3-aiohttp-3.13.5-1.oe2403sp1.aarch64"
				]
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":6.9,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2026-22815"
		},
		{
			"cve":"CVE-2026-34513",
			"notes":[
				{
					"text":"An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":2.7,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34513"
		},
		{
			"cve":"CVE-2026-34514",
			"notes":[
				{
					"text":"An attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":2.7,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34514"
		},
		{
			"cve":"CVE-2026-34516",
			"notes":[
				{
					"text":"A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":6.6,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34516"
		},
		{
			"cve":"CVE-2026-34517",
			"notes":[
				{
					"text":"For some multipart form fields, aiohttp read the entire field into memory before checking client_max_size.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":2.7,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34517"
		},
		{
			"cve":"CVE-2026-34518",
			"notes":[
				{
					"text":"When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":2.7,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34518"
		},
		{
			"cve":"CVE-2026-34519",
			"notes":[
				{
					"text":"aiohttp is vulnerable to HTTP response splitting attacks. An attacker can insert carriage return (\\r) characters in the reason phrase to craft malicious responses, leading to response splitting attacks. This vulnerability affects aiohttp versions up to and including 3.13.3.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":2.7,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34519"
		},
		{
			"cve":"CVE-2026-34520",
			"notes":[
				{
					"text":"The llhttp parser in aiohttp accepts null bytes and control characters in response header values, which could allow attackers to perform HTTP header injection attacks and bypass security restrictions.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":2.7,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34520"
		},
		{
			"cve":"CVE-2026-34525",
			"notes":[
				{
					"text":"aiohttp is a Python asynchronous HTTP client/server framework. In version 3.13.3 and earlier, there is a security vulnerability that allows accepting duplicate Host headers, which may lead to HTTP request smuggling attacks. Attackers could exploit this vulnerability to bypass security controls or perform man-in-the-middle attacks.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"python-aiohttp security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2192"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":6.3,
						"vectorString":"CVSS:3.1/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34525"
		}
	]
}