CVE-2026-35536 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.2 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Affected Products (NVD)

Vendor	Product	Version
tornadoweb	tornado	𝑥 < 6.5.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-tornado

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	6.1.0-1+deb11u4 fixed
forky	6.5.5-1 fixed
sid	6.5.5-2 fixed
trixie	vulnerable
trixie (security)	vulnerable

Red Hat Enterprise Linux Releases

Red Hat Product

Release

python3-tornado

RHEL 9

0:6.5.5-1.el9_8

fixed

Common Weakness Enumeration

CWE-159 - Improper Handling of Invalid Use of Special Elements
The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.

References

https://github.com/tornadoweb/tornado/releases/tag/v6.5.5

https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7