CVE-2026-34515

Published: Apr 1, 2026

Modified: Apr 2, 2026

PUBLISHED

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.

Vendor	Product	Versions
aio-libs	aiohttp	affected `< 3.13.4`

Weaknesses (CWE)

CWE-36

CWE-918

References

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m

x_refsource_CONFIRM

https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d

x_refsource_MISC

https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-34515

Description

Affected Products

Weaknesses (CWE)

References