AIOHTTP Static Resource Handler Information Exposure Vulnerability on Windows

Vulnerability

A vulnerability exists in AIOHTTP versions prior to 3.13.4, specifically on Windows systems. The static resource handler may inadvertently reveal information about a remote NTLMv2 path. This exposure could potentially allow an attacker to extract NTLMv2 hashes and retrieve user credentials, especially if the application is using AIOHTTP's static resource handler in a production environment.

Impact

Exploitation of this vulnerability could lead to unauthorized access to NTLMv2 hashes, allowing for the extraction of user credentials.

Remediation

Users can upgrade to AIOHTTP version 3.13.4 or later to address this vulnerability.
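
An added example, not part of the advisory or of the AIOHTTP project: a check against the 3.13.4 threshold given above, applied to exact pins in a requirements file and to the package installed on the current host. The function names and the sample pins are constructed for illustration, and pre-release suffixes are ignored when comparing versions.

```python
import re
import sys
from importlib import metadata

FIXED = (3, 13, 4)  # first fixed release named in the advisory

# Matches exact pins such as "aiohttp==3.9.5" or "aiohttp[speedups] == 3.9.5",
# but not sibling packages such as "aiohttp-cors".
PIN_RE = re.compile(r"^\s*aiohttp(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)", re.I)

def release_tuple(version):
    """'3.13.3' -> (3, 13, 3); any pre/post-release suffix is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple((parts + [0, 0])[:3])

def is_affected(version):
    """True when the release is older than the fixed version."""
    return release_tuple(version) < FIXED

def scan_requirements(text):
    """Return [(line_number, version)] for aiohttp pins older than FIXED."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = PIN_RE.match(line)
        if m and is_affected(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

def installed_exposure(platform=sys.platform):
    """Return (version, exposed) for the installed aiohttp, or None if absent.
    'exposed' requires both an old release and a Windows host."""
    try:
        version = metadata.version("aiohttp")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version) and platform == "win32"

# Constructed sample pins (not taken from any real project).
SAMPLE = """\
aiohttp==3.13.3
aiohttp-cors==0.7.0
AIOHTTP[speedups] == 3.9.5 ; sys_platform == "win32"
aiohttp==3.13.4
requests==2.32.0
"""

if __name__ == "__main__":
    print("outdated pins:", scan_requirements(SAMPLE))
    print("installed:", installed_exposure())
```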

Added: Apr 1, 2026, 9:53 PM
Updated: Apr 1, 2026, 9:53 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 5.5
remediation: 7.7
relevance: 5.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.