CVE-2026-22815

Published: Apr 1, 2026

Modified: Apr 4, 2026

PUBLISHED

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.

Vendor	Product	Versions
aio-libs	aiohttp	affected `< 3.13.4`

Weaknesses (CWE)

CWE-400

CWE-770

References

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5

x_refsource_CONFIRM

https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36

x_refsource_MISC

https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-22815

Description

Affected Products

Weaknesses (CWE)

References