CVE-2026-34518

ADVISORY - github

Summary

When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers.

Impact

The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following a redirect.

Patch: https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6

EPSS Score⁠: 0.0004 (0.122)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - github

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - redhat

CWE-497⁠

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Impacted images

Advisories

NIST

CREATED

3 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-34518⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-200⁠

CVSS SCORE

2.7low

GitHub

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDGHSA-966j-vmvw-g2g9⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-200⁠

CVSS SCORE

2.7low

Debian

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-34518⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-34518⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-34518⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-497⁠

CVSS SCORE

3.7low

Chainguard

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

CGA-c2p6-689m-2c8f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY