CVE-2026-54278 is a medium-severity vulnerability in AIOHTTP, a Python asynchronous HTTP client/server framework. The issue allows a potential denial of service (DoS) when a compressed request body is decompressed into memory. This vulnerability, described as a 'zip bomb edge case,' can be exploited under specific conditions. The vulnerability was published on June 22, 2026, and patched in version 3.1 [truncated]
CVE-2026-54274 is a vulnerability in the AIOHTTP asynchronous HTTP client/server framework for asyncio and Python. An attacker can bypass the usual size limits on memory use by sending large incomplete WebSocket frame payloads. The vulnerability was fixed in version 3.14.1. This issue has a CVSS score of 6.6 and a severity of MEDIUM. The CVE was published on 2026-06-22T18:16:45.877Z and modified on 2026-0 [truncated]