Back to CVE List

CVE-2026-49855

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vulnerability Description

tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Vulnerability Details

Published Date

June 15, 2026

Last Modified

June 15, 2026

Source

GitHub

Vendor

pip

Product

tornado

External References

Discussion (0)

Add Comment

No comments yet. Be the first!