AIOHTTP Vulnerable to Cookie Parser Warning Storm

GHSA-fh55-r93g-j68g · CVE-2025-69230

Published Jan 5, 2026 · Modified Feb 4, 2026

Description

Summary

Reading multiple invalid cookies can lead to a logging storm.

Impact

If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.

Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326

References

WEB https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-69230
WEB https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
PACKAGE https://github.com/aio-libs/aiohttp

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes