CVE-2026-54274

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 22, 2026

Vendor unknown

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1.

References

https://github.com/aio-libs/aiohttp/commit/14b6ee851fb16ec199acb950de0c82d476799e7d
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xcgm-r5h9-7989