CVE-2026-34519

ADVISORY - github

Summary

An attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits.

Impact

In the unlikely situation that an application allows untrusted data to be used in the response's reason parameter, then an attacker could manipulate the response to send something different from what the developer intended.

Patch: https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b

EPSS Score⁠: 0.00045 (0.138)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-113⁠

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

ADVISORY - github

CWE-113⁠

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

ADVISORY - redhat

CWE-1286⁠

Improper Validation of Syntactic Correctness of Input

Impacted images

Advisories

NIST

CREATED

3 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-34519⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-113⁠

CVSS SCORE

2.7low

GitHub

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDGHSA-mwh4-6h8g-pg8w⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-113⁠

CVSS SCORE

2.7low

Debian

CREATED

2 days ago

UPDATED

13 hours ago

ADVISORY IDCVE-2026-34519⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-34519⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-34519⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1286⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY ID

CGA-8cvv-36q4-wwx8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY