AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potentially leading to DoS. This vulnerability is fixed in 3.14.1.
References
Configurations
History
30 Jun 2026, 18:11
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/aio-libs/aiohttp/commit/5ab61bb4cd88f19b712f12c7c9295fe262bf804d - Patch | |
| References | () https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hw-fmq6-xxg2 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| First Time |
Aiohttp
Aiohttp aiohttp |
|
| CPE | cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:* |
22 Jun 2026, 18:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-22 18:16
Updated : 2026-06-30 18:11
NVD link : CVE-2026-54277
Mitre link : CVE-2026-54277
CVE.ORG link : CVE-2026-54277
JSON object : View
Products Affected
aiohttp
- aiohttp
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
