CVE-2026-47265
ADVISORY - githubSummary
Summary
Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect.
Impact
If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect.
Workaround
If unable to upgrade, using a Cookie header in the headers parameter is not vulnerable.
Patch: https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda32478
Common Weakness Enumeration (CWE)
Origin Validation Error
Origin Validation Error
Insertion of Sensitive Information Into Sent Data
NIST
3.9
CVSS SCORE
6.6mediumGitHub
-
CVSS SCORE
6.6mediumAlpine
-
Debian
-
Ubuntu
3.9
CVSS SCORE
7.5mediumRed Hat
2.8
CVSS SCORE
6.5mediumChainguard
CGA-5f7q-7pmq-hq3r
-
minimos
MINI-3qx6-f9v4-cm5f
-
minimos
MINI-46cp-3mh2-pf8v
-
minimos
MINI-5w3v-6m3h-87rp
-
minimos
MINI-8h2r-56mc-wh5m
-
minimos
MINI-cqg6-55vh-344m
-
minimos
MINI-h3xf-2fp6-p8r7
-
minimos
MINI-m92c-q42m-2j54
-
minimos
MINI-mx9x-cjhh-q5fc
-
minimos
MINI-pgv3-38xq-rrxp
-
minimos
MINI-qwcv-j62w-f335
-
minimos
MINI-qxjm-g835-4rgp
-
minimos
MINI-r7hw-pxwf-qm2m
-
minimos
MINI-v4j3-4rp5-vh6c
-
minimos
MINI-vmg2-2rr6-9rhm
-