CVE-2026-47265
ADVISORY - github
Summary
Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect.
Impact
If a developer passes the cookies parameter on a per-request basis, sensitive data may be leaked to an attacker who manages to control a redirect.
Workaround
If you are unable to upgrade, send the cookie as a Cookie header in the headers parameter instead; that path is not vulnerable.
Patch: https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda32478
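The origin check behind this weakness class, as an added example (not aiohttp's code and not the patch linked above): a client that follows redirects itself and forwards per-request cookies only while the target stays on the same scheme, host and port. The function names, the redirect map and the .test hostnames are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)

def next_hop(current_url, location, request_cookies):
    """Resolve a Location value and decide which cookies may follow it."""
    target = urljoin(current_url, location)  # Location may be relative
    if origin(target) == origin(current_url):
        return target, dict(request_cookies)
    # Cross-origin (different host, port, or scheme): send no caller cookies.
    return target, {}

def follow(start_url, redirects, request_cookies, max_hops=10):
    """Walk a redirect map; return [(url, cookies sent)] for every hop.

    Once cookies are dropped they stay dropped, even if a later hop
    returns to the first origin (a deliberately conservative choice).
    """
    url, cookies, trail = start_url, dict(request_cookies), []
    for _ in range(max_hops):
        trail.append((url, cookies))
        if url not in redirects:
            return trail
        url, cookies = next_hop(url, redirects[url], cookies)
    raise RuntimeError("too many redirects")

# Constructed sample: one same-origin redirect, then a cross-origin one.
REDIRECTS = {
    "https://api.example.test/start": "/v2/start",
    "https://api.example.test/v2/start": "https://cdn.other.test/landing",
}
COOKIES = {"session": "constructed-value"}

if __name__ == "__main__":
    for hop_url, sent in follow("https://api.example.test/start", REDIRECTS, COOKIES):
        print(hop_url, "cookies:", sorted(sent))
```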
EPSS Score: 0.00019 (0.054)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Origin Validation Error
ADVISORY - github
Origin Validation Error
NIST
ADVISORY ID: CVE-2026-47265
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
CVSS SCORE: 6.6 (medium)
GitHub
ADVISORY ID: GHSA-hg6j-4rv6-33pg
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
CVSS SCORE: 6.6 (medium)
Debian
ADVISORY ID: CVE-2026-47265
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
Ubuntu
ADVISORY ID: CVE-2026-47265
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -