{ "threat_severity" : "Moderate", "public_date" : "2026-04-03T02:25:57Z", "bugzilla" : { "description" : "tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments", "id" : "2454716", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2454716" }, "cvss3" : { "cvss3_base_score" : "5.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-88", "details" : [ "In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.", "A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the `domain`, `path`, and `samesite` arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or manipulation of client-side data." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13641", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "python-tornado-0:6.5.5-1.el10_1.1" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19034", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "python-tornado-0:6.5.5-1.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:20577", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "python-tornado-0:6.4.2-1.el10_0.2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13670", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python-tornado-0:6.5.5-1.el9_7.1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19189", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python-tornado-0:6.5.5-1.el9_8" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:20573", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "python-tornado-0:6.4.2-1.el9_2.2" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:20810", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "python-tornado-0:6.4.2-1.el9_4.2" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:20572", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "python-tornado-0:6.4.2-2.el9_6.3" } ], "package_state" : [ { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "external-secrets-operator/bitwarden-sdk-server-rhel9", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "external-secrets-operator/external-secrets-operator-bundle", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "external-secrets-operator/external-secrets-operator-rhel9", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "external-secrets-operator/external-secrets-rhel9", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "Lightspeed Core", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "cpe" : "cpe:/a:redhat:lightspeed_core" }, { "product_name" : "Lightspeed Core", "fix_state" : "Not affected", "package_name" : "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9", "cpe" : "cpe:/a:redhat:lightspeed_core" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Not affected", "package_name" : "openshift-lightspeed/lightspeed-ocp-rag-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "python-tornado", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-rocm-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/disk-image-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-llama-stack-core-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-mlflow-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-trustyai-nemo-guardrails-server-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "python-pep517", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "python-tornado", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Under investigation", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-35536\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-35536\nhttps://github.com/tornadoweb/tornado/releases/tag/v6.5.5\nhttps://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7" ], "name" : "CVE-2026-35536", "csaw" : false }