CVE-2026-34993 | aio-libs aiohttp up to 3.13.x CookieJar.load deserialization (GHSA-jg22-mg44-37j8)

A vulnerability was found in aio-libs aiohttp up to 3.13.x. It has been declared as problematic. This vulnerability affects the function CookieJar.load. The manipulation results in deserialization.

This vulnerability is reported as CVE-2026-34993. The attack requires a local approach. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More