CVE-2026-34520

Published April 1st, 2026

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4.

aio-libs/aiohttp

Asynchronous HTTP client/server framework for asyncio and Python

GitHub

16.4K