Is there a patch available for CVE-2026-34519?

Yes, a patch is available for CVE-2026-34519. Update the affected software to the latest version immediately.

Python CVE-2026-34519

Q: What is the CVSS score of CVE-2026-34519?

CVE-2026-34519 has a CVSS 4.0 base score of 2.7 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-18044 LOW

HTTP Response Splitting (CWE-113)

2026-04-01 GitHub_M

GHSA-mwh4-6h8g-pg8w

Python Code Injection

2.7

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Apr 02, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Apr 01, 2026 - 21:00 euvd

EUVD-2026-18044

Analysis Generated

Apr 01, 2026 - 21:00 vuln.today

CVE Published

Apr 01, 2026 - 20:26 nvd

LOW 2.7

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

127 pypi packages depend on aiohttp (38 direct, 89 indirect)

Ecosystem-wide dependent count for version 3.13.4.

DescriptionNVD

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.

AnalysisAI

Header injection in AIOHTTP prior to version 3.13.4 allows remote attackers to inject arbitrary HTTP headers or conduct similar exploits by controlling the reason parameter when creating a Response object. The vulnerability has low real-world impact (CVSS 2.7, EPSS not available) and requires the attacker to control application-level input that directly influences the reason parameter; no public exploit code or active exploitation has been identified. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-34519 vulnerability details – vuln.today

Back