Information Exposure in AIOHTTP Framework on Windows
CVE-2026-34515

6.6 MEDIUM

Key Information:

Vendor: Aio-libs

Status
Vendor
CVE Published: 1 April 2026

What is CVE-2026-34515?

A vulnerability in the static resource handler of the AIOHTTP framework can expose information on Windows systems, specifically details about NTLMv2 remote paths. The issue is present in versions prior to 3.13.4 and has been addressed in the latest update. Keeping dependencies up to date is an important part of maintaining application security.

Affected Version(s)

aiohttp < 3.13.4

CVSS V4

Score: 6.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
