CVE-2026-34515

Summary

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.

Affected Software

VendorProductVersion RangeStatus
aio-libsaiohttp< 3.13.4affected

Weaknesses

  • CWE-36: CWE-36: Absolute Path Traversal
  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References