MGASA-2026-0092

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2025-67724 CVE-2025-67725 CVE-2025-67726

Published: 10 Apr 2026, 17:11

Last modified:16 Apr 2026, 04:15

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Apr 2026, 17:11

Published

Vulnerability first disclosed

16 Apr 2026, 04:15

Last Modified

Vulnerability information updated

Description

Updated python-tornado packages fix security vulnerabilities Tornado vulnerable to Header Injection and XSS via reason argument. (CVE-2025-67724) Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing. (CVE-2025-67725) Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters. (CVE-2025-67726)

Affected Systems

mageia•python-tornado
< 6.3.2-1.3.mga9

References (3)

https://advisories.mageia.org/MGASA-2026-0092.html
https://bugs.mageia.org/show_bug.cgi?id=35326
https://lists.debian.org/debian-security-announce/2026/msg00104.html