ROOT-APP-PYPI-CVE-2026-35536 CVE-2026-35536 in rootio-tornado - Patched by Root

Root has patched CVE-2026-35536 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2026-35536

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2026-35536.This bulletin contains information addressing the vulnerability. Vulnerability...

RHEL 9 : python-tornado (RHSA-2026:20572)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20572 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

RockyLinux 9 : python-tornado (RLSA-2026:19189)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19189 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handli...

Amazon Linux 2 : python-tornado, --advisory ALAS2-2026-3286 (ALAS-2026-3286)

The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3286 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to...

MiracleLinux 9 : python-tornado-6.5.5-1.el9_7.1 (AXSA:2026-556:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-556:01 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper...

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Python Library Tornado < 6.5.5 Multiple Vulnerabilities

The version of the Tornado Python library installed on the remote host is prior to 6.5.5. It is, therefore, affected by multiple vulnerabilities: - Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i...

CVE-2026-35536 vulnerabilities

Vulnerabilities for packages: mitmproxy...

CVE-2026-35536 vulnerabilities

Vulnerabilities for packages: mitmproxy...

Linux Distros Unpatched Vulnerability : CVE-2026-35536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked f...

a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +890 more potentially affected by CVE-2026-35536 via tornado (>=3.0.0 <=6.5.4)

tornado PYPI version =3.0.0, =0.0.0, =0.0.3, =0.0.5, =1.0.0, =1.0.0, =0.31.0, =1.0.0, =1.3.0, =3.3.3, =0.1.23, =0.0.9.1, =0.20.0, =0.21.0 and more Source cves: CVE-2026-35536 Source advisory: OSV:GHSA-FQWM-6JPJ-5WXC...

CVE-2026-35536

creationtimestamp| type| source ---|---|--- 2026-04-03 04:05:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miktqoyjm523 2026-04-03 05:15:36+00:00| published-proof-of-concept| Telegram/pXUM2jaw9GgU28Sl0meXOcFoAiVepufvCfRhEfvGcf7OCXo...

a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +659 more potentially affected by CVE-2026-35536 via tornado (>=6.0.0 <=6.5.4)

tornado PYPI version =6.0.0, =0.0.0, =0.7.3, =0.0.5, =1.0.0, =1.0.0, =0.31.0, =1.3.0, =0.1.23, =0.0.9.1, =0.20.0, =0.9.5, =22.5.13, =26.2.0 and more Source cves: CVE-2026-35536 Source advisory: SNYK:PYTHON-TORNADO-15467448...