CVE-2026-34993EPSS p1.9%

CVE-2026-34993CVE-2026-34993

aiohttp / aiohttp

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Version 3.14.0 patches the issue. If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitize the files before loading.

Scoring

CVSS 6.4 ()
VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
EPSS0.11% probability of exploitation · percentile 1.9% · 2026-06-19T12:03:05Z
Last modified2026-06-05

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-47265
CVE
CVE-2026-34520
CVE
CVE-2026-45300
CVE
CVE-2026-28780
CVE
CVE-2026-39981
CVE
CVE-2026-23802
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.