Sign In

CVE-2026-22815

ADVISORY - github

Summary

Summary

Insufficient restrictions in header/trailer handling could cause uncapped memory usage.

Impact

An application could cause memory exhaustion when receiving an attacker controlled request or response. A vulnerable web application could mitigate these risks with a typical reverse proxy configuration.

Patch: https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36

EPSS Score: 0.0004 (0.122)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

ADVISORY - github

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

ADVISORY - redhat

CWE-770

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in