Improper Resource Shutdown or Release in aiohttp - #VU133991

 

Published: June 9, 2026


Vulnerability identifier: #VU133991
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-404
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: aio-libs
Affected software:
aiohttp

Detailed vulnerability description

The vulnerability allows a remote attacker to cause resource starvation.

The vulnerability exists due to improper resource shutdown in payload response handling when a client disconnects in the middle of a write. A remote attacker can disconnect during a response body write to cause resource starvation.

The issue can temporarily exhaust open files or similar limited resources until garbage collection or similar cleanup occurs.
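The failure pattern described above, with cleanup skipped when a body write fails on client disconnect, shown beside a deterministic-cleanup form. This is an added example, not aiohttp's code or the vendor's fix; `TrackedBody`, `DroppingWriter`, `send_leaky`, `send_safe` and `leaked_after` are hypothetical names, and the payload is constructed.

```python
import asyncio
from contextlib import suppress

class TrackedBody:
    """Constructed stand-in for a file-backed response body."""
    open_handles = 0  # opened and not yet closed (the window before GC)

    def __init__(self, data: bytes):
        self._data, self.closed = data, False
        TrackedBody.open_handles += 1
    def read(self, n: int) -> bytes:
        chunk, self._data = self._data[:n], self._data[n:]
        return chunk
    def close(self) -> None:
        if not self.closed:  # idempotent, so a double close cannot skew the count
            self.closed = True
            TrackedBody.open_handles -= 1

class DroppingWriter:
    """Hypothetical transport whose peer disconnects after `limit` chunks."""
    def __init__(self, limit: int):
        self.limit, self.sent = limit, 0
    async def write(self, chunk: bytes) -> None:
        if self.sent >= self.limit:
            raise ConnectionResetError("client disconnected mid-write")
        self.sent += 1

async def send_leaky(body, writer, size=4):
    # Cleanup is reached only if every write succeeds.
    while chunk := body.read(size):
        await writer.write(chunk)
    body.close()

async def send_safe(body, writer, size=4):
    # finally runs on success, on disconnect, and on task cancellation.
    try:
        while chunk := body.read(size):
            await writer.write(chunk)
    finally:
        body.close()

def leaked_after(sender, requests: int = 100) -> int:
    """Handles still open after `requests` downloads aborted by the client."""
    async def scenario():
        TrackedBody.open_handles = 0
        for _ in range(requests):
            with suppress(ConnectionResetError):  # server carries on after a drop
                await sender(TrackedBody(b"x" * 64), DroppingWriter(limit=2))
        return TrackedBody.open_handles
    return asyncio.run(scenario())
```

Each aborted transfer through `send_leaky` leaves one handle open, so the count grows with the number of disconnects; `send_safe` keeps it at zero.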


Remediation

Install the security update from the vendor's website.
