CVE-2026-54277

ADVISORY - github

Summary

It is possible to bypass the max_line_size check in parts of an HTTP request in the C parser.

Impact

If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potentially leading to DoS.

Patch: https://github.com/aio-libs/aiohttp/commit/5ab61bb4cd88f19b712f12c7c9295fe262bf804d

EPSS Score⁠: 0.00024 (0.072)

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-770⁠

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.