
[Aikido] Fix 25 security issues in litellm, aiohttp #70

Status: Open

aikido-autofix[bot] wants to merge 2 commits into main from fix/aikido-security-update-packages-30549815-ozqq

[Aikido] Fix 25 security issues in litellm, aiohttp#70
aikido-autofix[bot] wants to merge 2 commits into
mainfrom
fix/aikido-security-update-packages-30549815-ozqq

aikido-autofix[bot] commented May 6, 2026

Upgrade litellm and aiohttp to fix critical RCE via untrusted code execution, authentication bypass via JWT cache collision, ASLR leak enabling heap overflow RCE, and null byte injection in HTTP headers.

✅ 25 CVEs resolved by this upgrade, including 4 critical 🚨 CVEs

This PR will resolve the following CVEs:

| Issue | Severity | Description |
|---|---|---|
| CVE-2026-22807 | 🚨 CRITICAL | [vllm] Unsafe loading of Hugging Face auto_map dynamic modules during model resolution without trust_remote_code validation allows arbitrary code execution at server startup if an attacker can control the model repo/path. |
| CVE-2026-22778 | 🚨 CRITICAL | [vllm] Invalid image handling leaks heap addresses, breaking ASLR protections and enabling remote code execution when chained with heap overflow vulnerabilities in image decoders. |
| CVE-2026-24779 | HIGH | [vllm] A Server-Side Request Forgery (SSRF) vulnerability in the MediaConnector class allows attackers to bypass host restrictions using differing backslash interpretations between parsing libraries, enabling arbitrary requests to internal network resources and potential denial of service or data access. |
| CVE-2026-35030 | 🚨 CRITICAL | [litellm] JWT authentication cache uses only the first 20 characters of tokens as keys, allowing attackers to craft tokens matching legitimate users' cached tokens and assume their identity and permissions. This affects deployments with JWT/OIDC authentication enabled. |
| CVE-2026-35029 | HIGH | [litellm] Unauthenticated /config/update endpoint allows authenticated users to modify proxy configuration, register malicious handlers, and execute arbitrary code, read files, or hijack admin accounts through environment variable manipulation. |
| GHSA-69x8-hrgq-fjj8 | HIGH | [litellm] Weak unsalted SHA-256 password hashing combined with hash exposure in API responses and pass-the-hash login acceptance enables authentication bypass, allowing authenticated users to steal other users' password hashes and escalate privileges. |
| AIKIDO-2026-10161 | MEDIUM | [litellm] Expired API keys are exposed in plaintext error responses, allowing attackers to capture and potentially reuse them if reactivated, violating secret-handling compliance requirements and enabling audit evasion or social engineering attacks. |
| CVE-2026-34520 | 🚨 CRITICAL | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4. |
| CVE-2025-69223 | HIGH | [aiohttp] A zip bomb vulnerability allows attackers to send compressed requests that exhaust server memory when decompressed, causing denial of service. An attacker can trigger excessive memory consumption on the AIOHTTP server through specially crafted compressed payloads. |
| CVE-2025-69227 | HIGH | [aiohttp] A bypass of assert statements when Python optimizations are enabled allows attackers to trigger an infinite loop during POST body processing, causing a denial of service. The vulnerability affects applications using the Request.post() method with optimization flags enabled. |
| CVE-2025-69228 | HIGH | [aiohttp] A vulnerability allows attackers to craft requests that cause uncontrolled memory consumption in servers using the Request.post() method, leading to denial of service through memory exhaustion. An attacker can freeze the server by triggering this memory filling behavior during request processing. |
| CVE-2026-34515 | HIGH | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about an NTLMv2 remote path. This issue has been patched in version 3.13.4. |
| CVE-2026-34516 | HIGH | [aiohttp] A response with an excessive number of multipart headers can consume more memory than intended, leading to a denial of service (DoS) vulnerability through resource exhaustion. |
| CVE-2026-34513 | HIGH | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4. |
| CVE-2026-22815 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4. |
| CVE-2025-69224 | MEDIUM | [aiohttp] The Python HTTP parser allows request smuggling attacks when non-ASCII characters are present in pure Python mode, enabling attackers to bypass firewall and proxy protections. This vulnerability could lead to unauthorized request routing and security control evasion. |
| CVE-2025-69229 | MEDIUM | [aiohttp] Chunked message handling causes excessive blocking CPU usage when processing large numbers of chunks, allowing attackers to trigger denial of service by consuming server resources and preventing other requests from being handled. |
| CVE-2025-69225 | MEDIUM | [aiohttp] The HTTP Range header parser accepts non-ASCII decimal characters, potentially enabling request smuggling attacks. While no known exploits exist, this parsing flaw could allow attackers to bypass security controls or manipulate request interpretation. |
| CVE-2025-69226 | MEDIUM | [aiohttp] Path normalization logic in static file handling allows attackers to enumerate absolute path components on the server through information disclosure. This vulnerability affects applications using web.static() and could enable attackers to map the filesystem structure. |
| CVE-2025-69230 | MEDIUM | [aiohttp] A logging storm vulnerability exists where reading multiple invalid cookies can trigger excessive warning-level logs, potentially causing a denial of service through log flooding when an attacker sends a specially crafted Cookie header. |
| CVE-2026-34525 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. |
| CVE-2026-34514 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4. |
| CVE-2026-34517 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4. |
| CVE-2026-34518 | MEDIUM | [aiohttp] When following redirects to a different origin, the framework fails to drop the Cookie and Proxy-Authorization headers alongside the Authorization header, potentially leaking sensitive authentication credentials to untrusted domains. |
| CVE-2026-34519 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4. |

SQL injection in litellm proxy API key checks was introduced in 1.83.0
and patched in 1.83.7. Resolve to 1.83.14 (latest). aiohttp stays at
3.13.4 which already patches the 25 CVEs from the original Aikido PR.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>