- What: Security update for python-tornado in Red Hat Enterprise Linux
- Impact: Systems using python-tornado may be vulnerable if not updated

Red Hat Product Errata
RHSA-2026:20572 - Security Advisory
Issued: 2026-05-26
Updated: 2026-05-26

Synopsis: Moderate: python-tornado security update
Type/Severity: Security Advisory: Moderate

Topic:
An update for python-tornado is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):
- tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958)
- tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products:
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes:
- BZ - 2446765 - CVE-2026-31958 tornado-python: Tornado: Denial of Service via large multipart bodies
- BZ - 2454716 - CVE-2026-35536 tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

CVEs:
- CVE-2026-31958
- CVE-2026-35536

References:
- https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Updated Packages (the listing repeats the same builds for each affected product of a given architecture):

SRPM:
- python-tornado-6.4.2-2.el9_6.3.src.rpm

x86_64:
- python-tornado-debugsource-6.4.2-2.el9_6.3.x86_64.rpm
- python3-tornado-6.4.2-2.el9_6.3.x86_64.rpm
- python3-tornado-debuginfo-6.4.2-2.el9_6.3.x86_64.rpm

s390x:
- python-tornado-debugsource-6.4.2-2.el9_6.3.s390x.rpm
- python3-tornado-6.4.2-2.el9_6.3.s390x.rpm
- python3-tornado-debuginfo-6.4.2-2.el9_6.3.s390x.rpm

ppc64le:
- python-tornado-debugsource-6.4.2-2.el9_6.3.ppc64le.rpm
- python3-tornado-6.4.2-2.el9_6.3.ppc64le.rpm
- python3-tornado-debuginfo-6.4.2-2.el9_6.3.ppc64le.rpm

aarch64:
- python-tornado-debugsource-6.4.2-2.el9_6.3.aarch64.rpm
- python3-tornado-6.4.2-2.el9_6.3.aarch64.rpm
- python3-tornado-debuginfo-6.4.2-2.el9_6.3.aarch64.rpm