CVE-2026-35536

Published: Apr 03, 2026 Last Modified: Apr 03, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,2

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.

159

Improper Handling of Invalid Use of Special Elements

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Unexpected State

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/tornadoweb/tornado/releases/tag/v6.5.5

https://github.com/tornadoweb/tornado/security/advisories/G…

https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7

CVE-2026-35536

Description

Improper Handling of Invalid Use of Special Elements

Common Consequences

Applicable Platforms

Iscriviti alla newsletter