NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-54278

Summary	AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip bomb edge case). This vulnerability is fixed in 3.14.1.
Publication Date	June 23, 2026, 3:16 a.m.
Registration Date	June 27, 2026, 4:11 a.m.
Last Update	June 24, 2026, 12:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/aio-libs/aiohttp/commit/4f7480e474cccc6a8cc2c92ad3f17a31dedf8232	security-advisories@github.com
2	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g3cq-j2xw-wf74	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-409	高圧縮データの不適切な処理 (データ増幅)	https://cwe.mitre.org/data/definitions/409.html