PT-2026-25778 · Openssl+3 · Openssl+3

Leury Castillo

Publicado

2026-03-16

Atualizado

2026-05-28

CVE-2026-27448

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 0.14.0 through 25.9.9

Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set tlsext servername callback function raised an unhandled exception, a connection would be accepted. This could allow bypassing security-sensitive behavior if a user relied on this callback. Starting with version 26.0.0, unhandled exceptions now result in rejecting the connection. The set tlsext servername callback function is used to set a callback that is invoked when the TLS server name extension is received during the TLS handshake. The username and password are not directly involved in this issue.

Recommendations pyOpenSSL versions 0.14.0 through 25.9.9 should be updated to version 26.0.0 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-636

Identificadores relacionados

CVE-2026-27448

ECHO-E106-5B29-8A6F

GHSA-VP96-HXJ8-P424

MGASA-2026-0074

OESA-2026-1729

OESA-2026-1730

OESA-2026-1731

OESA-2026-1732

OESA-2026-1733

OESA-2026-1734

OPENSUSE-SU-2026:10392-1

OPENSUSE-SU-2026:20419-1

RHSA-2026:7224

SUSE-SU-2026:1192-1

SUSE-SU-2026:1416-1

SUSE-SU-2026:1582-1

SUSE-SU-2026:20930-1

SUSE-SU-2026:20954-1

SUSE-SU-2026:20960-1

SUSE-SU-2026:21990-1

SUSE-SU-2026:2242-1

SUSE-SU-2026:2244-1

SUSE-SU-2026:2255-1

USN-8115-1

USN-8335-1

Produtos afetados

Linuxmint

Openssl

Ubuntu

Pyopenssl

PT-2026-25778 · Openssl+3 · Openssl+3

CVE-2026-27448

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 60