CVE-2025-69226

Medium CVSS: 6.3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3.

Vendor

Aiohttp

Product

Aiohttp

CWE

CWE-22

Yayın Tarihi

2026-01-05 23:15:40

Güncelleme

2026-01-14 19:16:23

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Aiohttp MEDIUM Aiohttp 2026

Referanslar

https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76

Benzer Kayıtlar

Medium

CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient re…

Medium

CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an i…

Medium

CVE-2025-69228

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a reques…

Medium

CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling o…

Low

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading mu…

Low

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser…