CVE-2026-49854
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implem
CVSS
5.3
Medio
EPSS
0.4%
p36
KEV
—
Exploit Today
11
0-100
Publicado: 14 jul 2026 · Última mod.: 15 jul 2026 · CWE-126
0.4%EPSS · 30 días0.4%
2026-07-152026-07-18
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocket_mask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided buffer when reached through Tornado XSRF token decoding with the native extension active. This issue is fixed in version 6.5.6.
- github.comhttps://github.com/tornadoweb/tornado/commit/96dc88c2a05705287856b2cd6b4b4034f9a6aaac
- github.comhttps://github.com/tornadoweb/tornado/pull/3626
- github.comhttps://github.com/tornadoweb/tornado/releases/tag/v6.5.6
- github.comhttps://github.com/tornadoweb/tornado/security/advisories/GHSA-cx3h-4qpv-8hc9
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-256468.1 ALT57.4%
——17LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.4dCVE-2026-52608.2 ALT50.0%
——15A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.3dCVE-2026-504686.5 MED49.6%
——15Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.4dCVE-2026-504456.5 MED47.7%
——14Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.3dCVE-2026-505046.5 MED46.4%
——14Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.4dCVE-2026-441857.3 ALT44.7%
——13Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.2d