Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-34514
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-01 Apr, 2026 | 20:09
Updated At-02 Apr, 2026 | 14:07
Rejected At-
▼CVE Numbering Authority (CNA)
AIOHTTP: CRLF injection in multipart part content type header construction

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.

Affected Products
Vendor
aio-libs
Product
aiohttp
Versions
Affected
  • < 3.13.4
Problem Types
TypeCWE IDDescription
CWECWE-113CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Type: CWE
CWE ID: CWE-113
Description: CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Metrics
VersionBase scoreBase severityVector
4.02.7LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Version: 4.0
Base score: 2.7
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
x_refsource_CONFIRM
https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
x_refsource_MISC
https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
x_refsource_MISC
Hyperlink: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
Resource:
x_refsource_MISC
Hyperlink: https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found