
CVE-2026-47265: AIOHTTP Cookie Leak Vulnerability

CVE-2026-47265 is an information disclosure flaw in AIOHTTP that leaks cookies after cross-origin redirects. This post covers the technical details, affected versions before 3.14.0, and mitigation strategies.

CVE-2026-47265 Overview

CVE-2026-47265 affects AIOHTTP, an asynchronous HTTP client/server framework for Python's asyncio. Versions prior to 3.14.0 fail to strip cookies passed via the cookies request parameter when the client follows a cross-origin redirect. An attacker who controls a redirect destination can receive sensitive session cookies intended for the original host. The flaw is tracked under CWE-346: Origin Validation Error and was patched in version 3.14.0.

Critical Impact

Per-request cookies set through the cookies parameter leak to attacker-controlled origins following an HTTP redirect, enabling session theft and credential exposure.

Affected Products

  • AIOHTTP versions prior to 3.14.0
  • Python applications using aiohttp.ClientSession with the cookies= per-request parameter
  • Downstream services and libraries that wrap aiohttp client requests with user-supplied cookies

Discovery Timeline

  • 2026-06-02 - CVE-2026-47265 published to NVD
  • 2026-06-02 - Last updated in NVD database

Technical Details for CVE-2026-47265

Vulnerability Analysis

The vulnerability resides in the redirect handling logic of the AIOHTTP client. When a request is issued with cookies supplied through the cookies keyword argument, AIOHTTP attaches those cookies to the outbound request. If the server responds with a redirect to a different origin, the client should strip credential material before re-issuing the request. Prior to version 3.14.0, the client cleared the Authorization, Cookie, and Proxy-Authorization headers but failed to clear the in-memory cookies variable used to build the subsequent request. As a result, cookies were re-attached to the redirected request even when the destination origin differed from the originating host.

Root Cause

The root cause is missing origin validation on per-request cookie state. The redirect path in aiohttp/client.py reset header values when url.origin() != redirect_origin but did not reset the cookies local variable. Cookies passed through the cookies= parameter therefore persisted across origin boundaries, violating the same-origin expectation developers assume for sensitive credentials.

Attack Vector

Exploitation requires an attacker to control a redirect target reached by an AIOHTTP client request that supplies cookies via the cookies parameter. This commonly occurs when applications fetch user-supplied URLs, follow shortened links, or interact with third-party APIs that can return 3xx responses pointing to attacker infrastructure. The attacker's endpoint receives the leaked cookies in the Cookie header and can replay them against the original service. The patch adds a single line that nulls the cookies variable when the redirect crosses an origin boundary.

python
                        if url.origin() != redirect_origin:
                            auth = None
+                           cookies = None
                            headers.pop(hdrs.AUTHORIZATION, None)
                            headers.pop(hdrs.COOKIE, None)
                            headers.pop(hdrs.PROXY_AUTHORIZATION, None)
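Review bot: the added `cookies = None` sits next to `auth = None` and the three header pops, but nothing in these lines shows that the redirected request is later built from this local rather than from the caller's original `cookies` argument; worth confirming that code path and adding a regression test in which a request issued with `cookies=` receives a cross-origin 3xx and the follow-up request carries no Cookie header.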

Source: aiohttp commit f54c408 — the fix drops per-request cookies on cross-origin redirect, matching the existing behavior for the Authorization and Cookie headers.

Detection Methods for CVE-2026-47265

Indicators of Compromise

  • Outbound HTTP requests from Python services containing Cookie headers directed at unexpected external hosts following a 3xx redirect chain.
  • Web proxy logs showing redirect responses from monitored APIs pointing to domains outside the application's expected allowlist.
  • Repeated authenticated requests originating from IP addresses not associated with the legitimate user population, indicating cookie replay.

Detection Strategies

  • Inventory Python codebases for aiohttp versions below 3.14.0 using pip list, pip-audit, or SBOM tooling.
  • Identify code paths that pass user-controlled URLs to ClientSession.request(), session.get(), or session.post() with a cookies= argument.
  • Inspect HTTP egress telemetry for redirect chains that traverse origins while carrying session cookies.
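The egress-telemetry check described in the indicators and detection strategies above, as an added example that is not part of the advisory: it stitches each client's redirect chain back together from constructed proxy records (hypothetical hosts and services) and flags hops where a Cookie header crossed to a different origin.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) for url, default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme))

# Constructed egress-proxy records in time order (hypothetical hosts):
# (client, request_url, status, Location header or None, Cookie header present).
EGRESS_LOG = [
    ("svc-a", "https://api.partner.example/v1/profile", 302, "/v1/profile2", True),
    ("svc-a", "https://api.partner.example/v1/profile2", 307, "https://cdn.attacker.example/grab", True),
    ("svc-a", "https://cdn.attacker.example/grab", 200, None, True),
    ("svc-b", "https://api.partner.example/v1/items", 302, "https://static.partner.example/items", True),
    ("svc-b", "https://static.partner.example/items", 200, None, False),
]

def find_cross_origin_cookie_hops(records):
    """Stitch each client's redirect chain back together and return
    (client, from_url, to_url) for every hop where the follow-up request
    carried a Cookie header to an origin different from the redirecting one."""
    pending = {}   # client -> (redirecting_url, resolved_target)
    findings = []
    for client, url, status, location, cookie_sent in records:
        expected = pending.pop(client, None)
        if expected and expected[1] == url and cookie_sent and origin(expected[0]) != origin(url):
            findings.append((client, expected[0], url))
        if 300 <= status < 400 and location:
            pending[client] = (url, urljoin(url, location))
    return findings
```

The same-origin hop and the cookie-less svc-b hop produce no finding; only the hop that carried a cookie to the new origin is reported.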

Monitoring Recommendations

  • Log redirect targets at the application layer and alert when a redirect crosses to a domain outside the allowlist.
  • Correlate authentication events with source IP changes to detect cookie reuse from unexpected locations.
  • Track dependency manifests (requirements.txt, pyproject.toml, poetry.lock) for vulnerable aiohttp ranges in CI pipelines.

How to Mitigate CVE-2026-47265

Immediate Actions Required

  • Upgrade aiohttp to version 3.14.0 or later in all production and development environments.
  • Audit application code for use of the per-request cookies= parameter and review whether the requests can encounter attacker-controlled redirects.
  • Rotate any session tokens or API credentials that may have been transmitted through vulnerable redirect flows.

Patch Information

The issue is resolved in AIOHTTP 3.14.0 through the change in commit f54c408. The fix sets cookies = None when the redirect origin differs from the original request origin. Full advisory details are available in the GitHub Security Advisory GHSA-hg6j-4rv6-33pg.

Workarounds

  • Pass cookies through the headers parameter as a Cookie header instead of the cookies keyword argument; the header path is stripped on cross-origin redirect and is not vulnerable.
  • Disable automatic redirect following by setting allow_redirects=False and handling redirects explicitly with origin validation.
  • Restrict outbound HTTP egress to an allowlist of trusted destinations to limit the impact of attacker-controlled redirects.

bash
# Upgrade aiohttp to the patched release
pip install --upgrade 'aiohttp>=3.14.0'

# Verify the installed version
python -c "import aiohttp; print(aiohttp.__version__)"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
