Vulnerability in Aio-libs Aiohttp
CVE-2026-54275
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same…
Affected products
- Aio-libs Aiohttp — versions < 3.14.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)