CVE-2026-49853 - Tornado cross-origin redirect credential leak
CVE-2026-49853 affects Tornado’s SimpleAsyncHTTPClient. In vulnerable
versions, when a request follows a redirect to a different origin, Tornado
removes only the Host header and can still forward Authorization,
auth_username, auth_password, and related auth state to the redirected
destination.
This is an outbound-client data exposure issue. If the application talks to a
URL that an attacker can influence and follow_redirects=True is in play,
credentials meant for one service can be disclosed to another.
When to use it
Use this recipe when a Python repository depends on Tornado and uses
SimpleAsyncHTTPClient or AsyncHTTPClient for outbound requests that may
follow redirects while carrying credentials. It is especially useful for
webhook delivery, OAuth/OIDC metadata fetches, package/model downloads,
internal API clients, SSRF-prone URL fetchers, scanners, and agent tools that
accept user or tenant supplied URLs.
Use it to upgrade Tornado and add redirect hygiene tests. Do not use it to send real credentials to external redirect targets.
Inputs
- Python dependency files, lockfiles, containers, SBOMs, generated dependency
reports, images, and deployment artifacts that may resolve
tornado. - Outbound client helpers using
SimpleAsyncHTTPClient,AsyncHTTPClient,HTTPRequest,follow_redirects, inline auth,Authorization, cookies, service-account headers, orauth_username/auth_password. - Data-flow evidence showing whether request URLs are trusted config, tenant supplied, unauthenticated input, webhook provider controlled, OAuth/provider supplied, agent/tool supplied, or model-provider supplied.
- Destination trust policy for high-value credentials: scheme, host, port, redirect policy, allow-list, token scope, token lifetime, and rotation owner.
- Safe regression fixtures for cross-origin redirects that use synthetic credentials and local test servers only.
Affected versions
- Vulnerable:
tornado < 6.5.6 - Fixed:
6.5.6+ - Default-risk setting:
follow_redirects=True
Indicator-of-exposure
- The repository resolves
tornado < 6.5.6. - Application code uses
SimpleAsyncHTTPClientorAsyncHTTPClientagainst attacker-influenced URLs. - Requests include
Authorization, inline credentials, or service-account headers and permit redirects.
Quick checks:
rg -n "SimpleAsyncHTTPClient|AsyncHTTPClient|follow_redirects|Authorization|auth_username|auth_password|HTTPRequest\\(" .
python -m pip show tornado
Windows:
rg -n "SimpleAsyncHTTPClient|AsyncHTTPClient|follow_redirects|Authorization|auth_username|auth_password|HTTPRequest\\(" .
python -m pip show tornado
Do not test by leaking real credentials to attacker-controlled redirect hosts.
Remediation strategy
- Upgrade Tornado to
6.5.6+. - Review outbound clients that follow redirects while carrying credentials.
- Add explicit redirect policies or destination allow-lists for high-trust service credentials.
- Reduce long-lived shared credentials in clients that can reach untrusted domains.
The prompt
Model context: this prompt was generated by GPT 5.5 Extra High reasoning.
You are remediating CVE-2026-49853 / GHSA-3x9g-8vmp-wqvf, a Tornado redirect
credential leak in `SimpleAsyncHTTPClient`. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades Tornado, hardens outbound
redirect handling, adds safe regression checks, and documents operator
follow-up, or
- TRIAGE.md if this repository does not control an affected Tornado client.
## Rules
- Scope only CVE-2026-49853 and directly related outbound HTTP client usage.
- Treat bearer tokens, passwords, cookies, and service-account credentials as
sensitive.
- Do not send real credentials to attacker-controlled redirect targets.
- Do not auto-merge.
## Steps
1. Inventory every Tornado dependency, lockfile, image, and client helper.
2. Determine whether any resolved version is below `6.5.6`.
3. Search for redirect-following outbound requests that carry credentials.
4. If no controlled affected client exists, stop with `TRIAGE.md`.
5. Upgrade Tornado to `6.5.6+` and refresh dependency artifacts.
6. Add safe regression coverage showing cross-origin redirects do not retain
auth material.
7. Tighten outbound URL trust rules where service credentials can reach
attacker-influenced destinations.
8. Add a PR body section named `CVE-2026-49853 operator actions` covering
versions before and after, which clients were audited, and whether any
credential rotation is advised.
9. Run relevant validation: package install, tests, client regressions,
linting, and dependency/security scans.
10. Use PR title:
`fix(sec): remediate CVE-2026-49853 in Tornado clients`.
## Stop conditions
- No affected Tornado client is controlled here.
- Verification would require disclosing live credentials to an external host.
- Outbound client behavior is owned by another service outside this repository.
Verification - what the reviewer looks for
- No controlled install resolves
tornado < 6.5.6. - Redirect regression tests prove auth state is dropped on cross-origin redirects.
- High-trust outbound clients no longer mix untrusted destinations with redirect-following credentials.
Watch for
- Upgrading Tornado while vendored helper code reimplements the old behavior.
- Assuming
AsyncHTTPClientusage is safe without checking the concrete client. - Leaving long-lived credentials on clients that accept arbitrary URLs.
Output contract
Return one of:
- A reviewer-ready PR/change request that upgrades Tornado to
6.5.6+, audits redirect-following credentialed clients, adds safe regression tests proving auth state drops on cross-origin redirects, tightens outbound URL trust rules, refreshes artifacts, and documents credential review. TRIAGE.mdwhen no controlled affected Tornado dependency, client helper, image, or deployment artifact exists.
The output must list versions before/after, credentialed clients audited, attacker-influenced URL sources, redirect policy changes, validation commands, and whether rotation is advised. It must not leak real credentials, contact attacker-controlled redirect targets with live tokens, capture authorization headers, or remove useful outbound validation to silence the alert.
Related recipes
- CVE-2026-6321 - fast-uri encoded path traversal
- Source-code secrets data exposure audit
- Source-code attack surface map
References
- GitHub Advisory Database: https://github.com/advisories/GHSA-3x9g-8vmp-wqvf
- Tornado advisory: https://github.com/tornadoweb/tornado/security/advisories/GHSA-3x9g-8vmp-wqvf