Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AC:H and UI:R because exploitation requires the application to invoke the opt-in save/load API and an attacker-controlled subdomain; only limited confidentiality impact applies.
Primary rating from Vendor (https://github.com/aio-libs/aiohttp).
CVSS VectorVendor: https://github.com/aio-libs/aiohttp
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Blast Radius
ecosystem impact- 42,718 pypi packages depend on aiohttp (14,813 direct, 28,685 indirect)
Ecosystem-wide dependent count for version 3.14.1.
DescriptionCVE.org
Summary
Host-only cookies that are saved with `CookieJar.save() and then restored later with CookieJar.load()` lose their host-only status.
Impact
Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed.
-----
Patch: https://github.com/aio-libs/aiohttp/commit/a329a7aacad5284f087af36103aff778746da0f2
AnalysisAI
Cookie scope escalation in aiohttp's CookieJar persistence layer causes host-only cookies to lose their host-restricted status after a save/load cycle, allowing them to be transmitted to subdomains that the original server never authorized to receive them. Applications using pip/aiohttp <= 3.14.0 that invoke CookieJar.save() and CookieJar.load() for session persistence are affected. No public exploit code has been identified at time of analysis, but the impact is information disclosure: sensitive cookies - including session tokens or authentication credentials - may be sent to unintended subdomain endpoints, violating the HTTP cookie scoping model.
Technical ContextAI
aiohttp (pkg:pip/aiohttp) is a widely-used Python asyncio-based HTTP client/server framework. The CookieJar class provides cookie management including optional disk persistence via save() and load() methods. Per RFC 6265, a host-only cookie is one set without an explicit Domain attribute; it must only be sent back to the exact origin host, not any of its subdomains. CWE-665 (Improper Initialization) captures the root cause: when CookieJar.load() restores cookies from disk, it fails to reinstate the host-only flag, effectively converting previously host-scoped cookies into domain-scoped cookies that match any subdomain of the original host. This is a serialization fidelity defect - a cookie attribute critical to security policy is dropped during the round-trip through disk storage.
RemediationAI
Upgrade aiohttp to version 3.14.1, which contains the upstream fix (commit a329a7aacad5284f087af36103aff778746da0f2) that restores proper host-only flag handling during CookieJar deserialization. The vendor advisory is available at https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2fqr-mr3j-6wp8. If an immediate upgrade is not feasible, the most effective compensating control is to avoid using CookieJar.save() and CookieJar.load() entirely and instead manage cookie persistence through application-layer session stores that correctly track cookie scope metadata. If persistence is required, manually audit the loaded cookie jar after each load() call and re-apply host-only restrictions by removing the Domain attribute from cookies that were originally host-scoped. Note that any existing persisted cookie files created by vulnerable versions should be treated as potentially corrupt with respect to host-only status and either regenerated after upgrading or validated manually.
Same weakness CWE-665 – Improper Initialization
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38310
GHSA-2fqr-mr3j-6wp8