Back

Critical Vulnerabilities in Tornado Affect Ubuntu 26.04 LTS

Severity: High (Score: 70.5)

Sources: Ubuntu, Linuxsecurity

Summary

Two significant vulnerabilities have been identified in Tornado, a web server framework used in Ubuntu 26.04 LTS. CVE-2026-31958, published on 2026-03-11, allows attackers to exploit improper handling of large multipart request bodies, potentially leading to denial of service. Another vulnerability, CVE-2026-35536, published on 2026-04-03, involves inadequate validation of cookie values, enabling attackers to inject arbitrary cookie attributes. Both vulnerabilities were addressed in the recent update USN-8198-2. Users of Ubuntu 26.04 LTS are advised to update their systems to mitigate these risks. The vulnerabilities could impact a wide range of applications relying on Tornado. The updates are crucial for maintaining system integrity and security. Ubuntu Pro offers ten-year security coverage for affected packages. Key Points: • Two critical vulnerabilities in Tornado affect Ubuntu 26.04 LTS. • CVE-2026-31958 can lead to denial of service attacks. • CVE-2026-35536 allows for arbitrary cookie attribute injection.

Key Entities

  • DDoS (attack_type)
  • CVE-2026-31958 (cve)
  • CVE-2026-35536 (cve)
  • Tornado (platform)
  • Ubuntu (company)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed