Medium5.9Red Hat Linux Updated
Denial of Service via incomplete websocket frame payloads
CVE-2026-54274 Published Jun 22, 2026Updated by vendor Jun 22, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Denial of Service via incomplete websocket frame payloads. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-770.
Affected versions
- < 3.14.1
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Update the aiohttp package to version 3.14.1 or later. Until updated builds are available, reduce exposure by not exposing aiohttp-based HTTP servers with WebSocket endpoints directly to untrusted networks. A reverse proxy or load balancer in front of the service can help limit abusive WebSocket traffic. Installations that use aiohttp only as an HTTP client, or that do not expose WebSocket endpoints, are not affected by this flaw.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.