Skip to content

HTTP/1 Pipelined Requests Queue Without Limit

Low
Dreamsorcerer published GHSA-4fvr-rgm6-gqmc Jun 8, 2026

Package

pip aiohttp (pip)

Affected versions

<=3.14.0

Patched versions

3.14.1

Description

Summary

No limit was present on the number of pipelined requests that could be queued.

Impact

An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.


Patch: dfdfa9d

Severity

Low

CVE ID

CVE-2026-54273

Weaknesses

No CWEs

Credits