- What: Security update for python-tornado in Red Hat Enterprise Linux
- Impact: Systems using vulnerable versions may be exposed to security risks
Red Hat Product Errata RHSA-2026:20810 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20810 - Security Advisory Overview Updated Packages Synopsis Moderate: python-tornado security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python-tornado is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958) tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2446765 - CVE-2026-31958 tornado-python: Tornado: Denial of Service via large multipart bodies BZ - 2454716 - CVE-2026-35536 tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments CVEs CVE-2026-31958 CVE-2026-35536 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e x86_64 python-tornado-debugsource-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 4dbcaf99f567dc7b724c66d5b712b3af497a3cf34db3d20dc7bb0bfa406ae328 python3-tornado-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 3af895b1c791c110f49f9098f4f3866425b7a40a53d1463c0c774c65656f35ef python3-tornado-debuginfo-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: a678a48664ae4ff6395846328e4b3595009c2ecdc88594136467d777899ca1c4 Red Hat Enterprise Linux Server - AUS 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e x86_64 python-tornado-debugsource-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 4dbcaf99f567dc7b724c66d5b712b3af497a3cf34db3d20dc7bb0bfa406ae328 python3-tornado-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 3af895b1c791c110f49f9098f4f3866425b7a40a53d1463c0c774c65656f35ef python3-tornado-debuginfo-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: a678a48664ae4ff6395846328e4b3595009c2ecdc88594136467d777899ca1c4 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e s390x python-tornado-debugsource-6.4.2-1.el9_4.2.s390x.rpm SHA-256: 5f4654c516f99870aa20f1458b6263d6eaa473620d0962bf3c2783e6237cc331 python3-tornado-6.4.2-1.el9_4.2.s390x.rpm SHA-256: f72ebd8fa5436a183bbed63196ce72b748729accf4b119556df5d61544691497 python3-tornado-debuginfo-6.4.2-1.el9_4.2.s390x.rpm SHA-256: 0b0b5135aa7599559bf1a19510b2a43c32464c0b4da5455ae281141707c448ec Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e ppc64le python-tornado-debugsource-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: 93f572d9788ece65cf370c08b496ab00cec06553458f6eaf38daf15d99edb788 python3-tornado-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: 0601da3ab575e93642152cd46c08dbf18c95922f1724ae74d143cc508523d312 python3-tornado-debuginfo-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: c68fdb305b2f38e46a9c61987de59b15ce94020f9476b1cc16665d39bbf6a274 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e aarch64 python-tornado-debugsource-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: ceb8c5d49cc025732d902d020938d785463f803fd4b4a6f865e9d9cc177ba935 python3-tornado-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: f96a0111f05247b710befd766477b9ecf6000e1b7e614886a8e8c68d0e1818ee python3-tornado-debuginfo-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: bf4fc7a703bfbb8aca75b21d86d49db1d6be2375296896842c50711c6461d225 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e ppc64le python-tornado-debugsource-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: 93f572d9788ece65cf370c08b496ab00cec06553458f6eaf38daf15d99edb788 python3-tornado-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: 0601da3ab575e93642152cd46c08dbf18c95922f1724ae74d143cc508523d312 python3-tornado-debuginfo-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: c68fdb305b2f38e46a9c61987de59b15ce94020f9476b1cc16665d39bbf6a274 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e x86_64 python-tornado-debugsource-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 4dbcaf99f567dc7b724c66d5b712b3af497a3cf34db3d20dc7bb0bfa406ae328 python3-tornado-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 3af895b1c791c110f49f9098f4f3866425b7a40a53d1463c0c774c65656f35ef python3-tornado-debuginfo-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: a678a48664ae4ff6395846328e4b3595009c2ecdc88594136467d777899ca1c4 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e aarch64 python-tornado-debugsource-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: ceb8c5d49cc025732d902d020938d785463f803fd4b4a6f865e9d9cc177ba935 python3-tornado-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: f96a0111f05247b710befd766477b9ecf6000e1b7e614886a8e8c68d0e1818ee python3-tornado-debuginfo-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: bf4fc7a703bfbb8aca75b21d86d49db1d6be2375296896842c50711c6461d225 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e s390x python-tornado-debugsource-6.4.2-1.el9_4.2.s390x.rpm SHA-256: 5f4654c516f99870aa20f1458b6263d6eaa473620d0962bf3c2783e6237cc331 python3-tornado-6.4.2-1.el9_4.2.s390x.rpm SHA-256: f72ebd8fa5436a183bbed63196ce72b748729accf4b119556df5d61544691497 python3-tornado-debuginfo-6.4.2-1.el9_4.2.s390x.rpm SHA-256: 0b0b5135aa7599559bf1a19510b2a43c32464c0b4da5455ae281141707c448ec Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e x86_64 python-tornado-debugsource-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 4dbcaf99f567dc7b724c66d5b712b3af497a3cf34db3d20dc7bb0bfa406ae328 python3-tornado-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: 3af895b1c791c110f49f9098f4f3866425b7a40a53d1463c0c774c65656f35ef python3-tornado-debuginfo-6.4.2-1.el9_4.2.x86_64.rpm SHA-256: a678a48664ae4ff6395846328e4b3595009c2ecdc88594136467d777899ca1c4 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e aarch64 python-tornado-debugsource-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: ceb8c5d49cc025732d902d020938d785463f803fd4b4a6f865e9d9cc177ba935 python3-tornado-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: f96a0111f05247b710befd766477b9ecf6000e1b7e614886a8e8c68d0e1818ee python3-tornado-debuginfo-6.4.2-1.el9_4.2.aarch64.rpm SHA-256: bf4fc7a703bfbb8aca75b21d86d49db1d6be2375296896842c50711c6461d225 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4ef2ade07103b3486fe070d554ac1e ppc64le python-tornado-debugsource-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: 93f572d9788ece65cf370c08b496ab00cec06553458f6eaf38daf15d99edb788 python3-tornado-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: 0601da3ab575e93642152cd46c08dbf18c95922f1724ae74d143cc508523d312 python3-tornado-debuginfo-6.4.2-1.el9_4.2.ppc64le.rpm SHA-256: c68fdb305b2f38e46a9c61987de59b15ce94020f9476b1cc16665d39bbf6a274 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 SRPM python-tornado-6.4.2-1.el9_4.2.src.rpm SHA-256: aa1d16850a9027f135590d99a991f0176b4e