Security Advisory

CVE-2026-35536

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-03 02:25:57

Last updated 2026-04-03 13:12:16

Assigner mitre

State PUBLISHED

Description

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.

← Browse all CVEs View on cve.org ↗