CVE-2026-47265

Published: Giu 02, 2026 Last Modified: Giu 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Version 3.14.0 patches the issue. If unable to upgrade, using a `Cookie` header in the `headers` parameter is not vulnerable.

346

Origin Validation Error

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Other

Potential Impacts:

Gain Privileges Or Assume Identity Varies By Context

Applicable Platforms

Technologies: Not Technology-Specific, Web Based

View CWE Details

https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4b…

https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda3…

https://github.com/aio-libs/aiohttp/security/advisories/GHS…

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hg6j-4rv6-33pg

CVE-2026-47265

Description

Origin Validation Error

Common Consequences

Applicable Platforms

Iscriviti alla newsletter