Sign In

CVE-2026-47265

ADVISORY - github

Summary

Summary

Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect.

Impact

If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect.

Workaround

If unable to upgrade, using a Cookie header in the headers parameter is not vulnerable.

Patch: https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda32478

EPSS Score: 0.00019 (0.054)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-346

Origin Validation Error

ADVISORY - github

CWE-346

Origin Validation Error

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in