Red Hat Security Advisory: python-tornado security update
Two security vulnerabilities affecting the python-tornado package in Red Hat Enterprise Linux 9. 4 have been addressed. The first (CVE-2026-31958) involves a denial of service condition triggered by large multipart bodies. The second (CVE-2026-35536) concerns cookie attribute injection due to improper handling of cookie arguments. Red Hat has released updated python-tornado packages to remediate these issues. The advisory rates the security impact as moderate. No known exploits in the wild have been reported. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to mitigate these vulnerabilities.
AI Analysis
Technical Summary
Red Hat Product Security issued an advisory (RHSA-2026:20810) for python-tornado in Red Hat Enterprise Linux 9.4 addressing two vulnerabilities: CVE-2026-31958, a denial of service vulnerability caused by processing large multipart bodies, and CVE-2026-35536, a cookie attribute injection vulnerability due to improper handling of cookie arguments. The advisory provides updated package versions to fix these issues. The vulnerabilities are rated with moderate impact and affect multiple architectures supported by Red Hat Enterprise Linux 9.4. No CVSS scores are provided in the advisory, but the severity is classified as moderate.
Potential Impact
The vulnerabilities could allow an attacker to cause a denial of service by sending large multipart bodies to the Tornado server (CVE-2026-31958) or to inject cookie attributes improperly due to incorrect handling of cookie arguments (CVE-2026-35536). These issues may affect the reliability and security of applications using python-tornado on affected Red Hat Enterprise Linux 9.4 systems. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
Red Hat has released updated python-tornado packages for Red Hat Enterprise Linux 9.4 that address these vulnerabilities. Users should apply these official updates as described in the Red Hat advisory (https://access.redhat.com/articles/11258) to remediate the issues. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: python-tornado security update
Description
Two security vulnerabilities affecting the python-tornado package in Red Hat Enterprise Linux 9. 4 have been addressed. The first (CVE-2026-31958) involves a denial of service condition triggered by large multipart bodies. The second (CVE-2026-35536) concerns cookie attribute injection due to improper handling of cookie arguments. Red Hat has released updated python-tornado packages to remediate these issues. The advisory rates the security impact as moderate. No known exploits in the wild have been reported. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to mitigate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security issued an advisory (RHSA-2026:20810) for python-tornado in Red Hat Enterprise Linux 9.4 addressing two vulnerabilities: CVE-2026-31958, a denial of service vulnerability caused by processing large multipart bodies, and CVE-2026-35536, a cookie attribute injection vulnerability due to improper handling of cookie arguments. The advisory provides updated package versions to fix these issues. The vulnerabilities are rated with moderate impact and affect multiple architectures supported by Red Hat Enterprise Linux 9.4. No CVSS scores are provided in the advisory, but the severity is classified as moderate.
Potential Impact
The vulnerabilities could allow an attacker to cause a denial of service by sending large multipart bodies to the Tornado server (CVE-2026-31958) or to inject cookie attributes improperly due to incorrect handling of cookie arguments (CVE-2026-35536). These issues may affect the reliability and security of applications using python-tornado on affected Red Hat Enterprise Linux 9.4 systems. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
Red Hat has released updated python-tornado packages for Red Hat Enterprise Linux 9.4 that address these vulnerabilities. Users should apply these official updates as described in the Red Hat advisory (https://access.redhat.com/articles/11258) to remediate the issues. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:20810
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-35536"]
- Cvss Version
- null
Threat ID: 6a160976e29bf47b506413db
Added to database: 5/26/2026, 8:58:30 PM
Last enriched: 5/26/2026, 11:49:39 PM
Last updated: 5/27/2026, 4:52:23 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.