CVE-2025-69228
AIOHTTP vulnerable to denial of service through large payloads
Description
Summary
A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.
Impact
If an application includes a handler that uses the Request.post() method, an attacker may be able to freeze the server by exhausting the memory.
Patch: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
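To triage exposure, this added example (not from the advisory or the aiohttp project) scans Python source for coroutines that await a zero-argument `.post()` call, the shape of the `Request.post()` usage named under Impact. The zero-argument heuristic, the function name `find_post_handlers` and the sample source are assumptions constructed for illustration.

```python
import ast

# Constructed sample source, not taken from any real project.
SAMPLE = '''
from aiohttp import web, ClientSession

async def upload(request):
    form = await request.post()      # server side: parses the request body
    return web.Response(text=str(len(form)))

async def health(request):
    return web.Response(text="ok")

async def notify(url):
    async with ClientSession() as s:
        await s.post(url, data=b"x") # client side: has arguments, ignored
'''

def find_post_handlers(source, filename="<src>"):
    """Return (function, line) pairs where a zero-argument .post() is awaited.

    Heuristic (assumption): Request.post() is called without arguments,
    whereas a client-side session.post(url, ...) always passes a URL.
    """
    hits = []
    tree = ast.parse(source, filename)
    for func in ast.walk(tree):
        if not isinstance(func, ast.AsyncFunctionDef):
            continue
        for node in ast.walk(func):
            if not isinstance(node, ast.Await):
                continue
            call = node.value
            if (isinstance(call, ast.Call)
                    and isinstance(call.func, ast.Attribute)
                    and call.func.attr == "post"
                    and not call.args and not call.keywords):
                hits.append((func.name, node.lineno))
    return sorted(set(hits), key=lambda h: h[1])

if __name__ == "__main__":
    for name, line in find_post_handlers(SAMPLE):
        print(f"{name}: awaits .post() at line {line}")
```

Each hit is a handler to review against the patched aiohttp release; a match is a lead for manual inspection, not proof of exploitability.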
Patch Available
Fix available through Seal Security.
Score: 6.6
Severity: Medium
Ecosystem: Python
Publish Date: January 5, 2026
Modified Date: February 3, 2026
Score Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Affected Versions

