async-http-client — Vulnerabilities & Security Advisories 2

All 2 CVE vulnerabilities found in async-http-client, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40490	AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects CWE-200	6.8	Medium	2026-04-18
CVE-2024-53990	AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s CWE-287	8.2	-	2024-12-02

All 2 known CVE vulnerabilities affecting async-http-client with full Chinese analysis, references, and POCs where available.