NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-50269

Summary	AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.append(headers=...) or Payload.headers, then an attacker may be able to modify the request to inject headers or change the contents of the request. This vulnerability is fixed in 3.14.0.
Publication Date	June 23, 2026, 3:16 a.m.
Registration Date	June 27, 2026, 4:10 a.m.
Last Update	June 23, 2026, 4:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/aio-libs/aiohttp/commit/bf88077ebb14f4c29924b8e8904cba20c55c28b8	security-advisories@github.com
2	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m6qw-4cw2-hm4m	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-113	HTTP レスポンスの分割	https://cwe.mitre.org/data/definitions/113.html
2	CWE-93	CRLF インジェクション	https://cwe.mitre.org/data/definitions/93.html