Root has patched CVE-2026-54276 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available.
{ "distro": "pypi", "source": "Root", "distro_version": "", "severity": "MEDIUM" }
[ "3.12.15+root.io.6", "3.14.0+root.io.2" ]
"root.io.2"
2.0
"https://api.root.io/external/osv/ROOT-APP-PYPI-CVE-2026-54276.json"
true
"3.14.0"