CVE-2026-34513: CWE-770: Allocation of Resources Without Limits or Throttling in aio-libs aiohttp
CVE-2026-34513 is a low-severity vulnerability in aio-libs aiohttp versions prior to 3. 13. 4. It involves an unbounded DNS cache that can lead to excessive memory consumption, potentially causing a denial of service (DoS). The issue arises from allocation of resources without limits or throttling (CWE-770). This vulnerability has been addressed in aiohttp version 3. 13. 4.
AI Analysis
Technical Summary
The aiohttp asynchronous HTTP client/server framework for Python had a vulnerability (CVE-2026-34513) where its DNS cache was unbounded in versions before 3.13.4. This lack of limits on resource allocation could cause excessive memory usage, which might result in a denial of service condition. The vulnerability is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling). The issue was patched in version 3.13.4 of aiohttp.
Potential Impact
Exploitation of this vulnerability could cause the affected aiohttp application to consume excessive memory due to an unbounded DNS cache, potentially leading to denial of service by exhausting system resources. The CVSS 4.0 base score is 2.7, indicating low severity and limited impact.
Mitigation Recommendations
Upgrade aiohttp to version 3.13.4 or later, where this vulnerability has been fixed. No other mitigation is necessary as the patch fully addresses the issue.
CVE-2026-34513: CWE-770: Allocation of Resources Without Limits or Throttling in aio-libs aiohttp
Description
CVE-2026-34513 is a low-severity vulnerability in aio-libs aiohttp versions prior to 3. 13. 4. It involves an unbounded DNS cache that can lead to excessive memory consumption, potentially causing a denial of service (DoS). The issue arises from allocation of resources without limits or throttling (CWE-770). This vulnerability has been addressed in aiohttp version 3. 13. 4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The aiohttp asynchronous HTTP client/server framework for Python had a vulnerability (CVE-2026-34513) where its DNS cache was unbounded in versions before 3.13.4. This lack of limits on resource allocation could cause excessive memory usage, which might result in a denial of service condition. The vulnerability is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling). The issue was patched in version 3.13.4 of aiohttp.
Potential Impact
Exploitation of this vulnerability could cause the affected aiohttp application to consume excessive memory due to an unbounded DNS cache, potentially leading to denial of service by exhausting system resources. The CVSS 4.0 base score is 2.7, indicating low severity and limited impact.
Mitigation Recommendations
Upgrade aiohttp to version 3.13.4 or later, where this vulnerability has been fixed. No other mitigation is necessary as the patch fully addresses the issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T16:03:31.047Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cec35ae6bfc5ba1dfb4d00
Added to database: 4/2/2026, 7:28:26 PM
Last enriched: 4/10/2026, 12:01:39 AM
Last updated: 5/20/2026, 8:52:24 PM
Views: 64
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.