Bug 2491448 (CVE-2026-50269)
| Summary: | CVE-2026-50269 aiohttp: AIOHTTP: CRLF injection in multipart headers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | alinfoot, anpicker, anthomas, aprice, bbrownin, bdettelb, bparees, brasmith, cahl, cochase, dfreiber, doconnor, dranck, drow, dschmidt, dtrifiro, ehelms, ggainey, gtanzill, hasun, ilpinto, jburrell, jbuscemi, jdobes, jfula, jkoehler, jlanda, jmitchel, jowilson, jpasqual, jsamir, juwatts, jwong, kaycoth, kshier, lichen, ljawale, lphiri, ltomasbo, mbarnett, mhulan, msilmser, nmoumoul, nyancey, oezr, omaciel, ometelka, orabin, osousa, pakotvan, pbohmill, pcreech, ptisnovs, rbryant, rchan, rjohnson, simaishi, smallamp, stcannon, sthirugn, syedriko, teagle, tmalecek, ttakamiy, vkumar, weaton, xdharmai, xialiu, yguenane, ykashtan, zzhou |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in aiohttp, an asynchronous HTTP client/server framework. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, allows an attacker to modify HTTP requests by injecting malicious input into multipart or payload headers. If an application processes user-controlled data in these headers, an attacker could potentially alter the request's content or inject new headers, leading to unintended application behavior.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-06-22 18:01:58 UTC
|