Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2026-34516

CVE-2026-34516

HIGH7.5

AIOHTTP: Multipart Header Size Bypass

Published Apr 1, 2026

Modified 2 weeks ago

Details

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13.4.

References

https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f

https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647

https://www.cve.org/CVERecord?id=CVE-2026-34516

CVSS Analysis

CVSS v4.0

6.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

6.6/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Weakness Type (CWE)

Resource Management

Allocation without Limits

Ecosystems

Timeline

PublishedApr 1, 2026

ModifiedApr 4, 2026

CVE-2026-34516 | Mondoo Vulnerability Intelligence