CVE-2026-34513: AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

April 1, 2026 (updated April 6, 2026)

An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.

References

github.com/advisories/GHSA-hcc4-c3v8-rx92
github.com/aio-libs/aiohttp
github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
github.com/aio-libs/aiohttp/releases/tag/v3.13.4
github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
nvd.nist.gov/vuln/detail/CVE-2026-34513

Code Behaviors & Features

Detect and mitigate CVE-2026-34513 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →