Openssl · Openssl · CVE-2026-27448
**Name of the Vulnerable Software and Affected Versions**
pyOpenSSL versions 0.14.0 through 25.9.9
**Description**
pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the `set_tlsext_servername_callback` function raised an unhandled exception, a connection would be accepted. This could allow bypassing security-sensitive behavior if a user relied on this callback. Starting with version 26.0.0, unhandled exceptions now result in rejecting the connection. The `set_tlsext_servername_callback` function is used to set a callback that is invoked when the TLS server name extension is received during the TLS handshake. The `username` and `password` are not directly involved in this issue.
**Recommendations**
pyOpenSSL versions 0.14.0 through 25.9.9 should be updated to version 26.0.0 or later.
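
Where a server name callback enforces policy, the decision can also be recorded on the connection so that an exception never reads as acceptance. The following is an added example, not code from pyOpenSSL or this advisory. It uses the `Connection` methods `get_servername()`, `set_app_data()` and `get_app_data()`. The marker values, the allow-list, the `FakeConnection` stand-in and the use of the app-data slot (assumed to be otherwise unused by the application) are constructed for illustration.

```python
import functools

ALLOWED = "sni-allowed"   # marker values are assumptions of this example
DENIED = "sni-denied"

class SNIRejected(Exception):
    """Raised by a policy to refuse the requested server name."""

def fail_closed(policy):
    """Wrap an SNI policy so any exception leaves the connection marked DENIED."""
    @functools.wraps(policy)
    def wrapper(conn):
        conn.set_app_data(DENIED)    # deny by default, before any policy code runs
        policy(conn)                 # an exception propagates; the marker stays DENIED
        conn.set_app_data(ALLOWED)   # reached only on a clean return
    return wrapper

def handshake_permitted(conn):
    """Call after do_handshake(); True only if the policy ran and returned cleanly."""
    return conn.get_app_data() == ALLOWED

ALLOWED_NAMES = {b"api.example.test"}   # constructed sample allow-list

@fail_closed
def sni_policy(conn):
    name = conn.get_servername()        # bytes, or None when no SNI was sent
    if name not in ALLOWED_NAMES:
        raise SNIRejected(name)
    # A bug below this point (e.g. a KeyError in a lookup) is also a denial.

class FakeConnection:
    """Constructed stand-in exposing the three Connection methods used above."""
    def __init__(self, servername):
        self._name, self._data = servername, None
    def get_servername(self): return self._name
    def set_app_data(self, data): self._data = data
    def get_app_data(self): return self._data

def simulate(servername):
    """Mimic an affected release: the callback's exception is swallowed."""
    conn = FakeConnection(servername)
    try:
        sni_policy(conn)
    except Exception:
        pass                            # handshake would continue regardless
    return handshake_permitted(conn)
```

In a real server, `sni_policy` is registered with `Context.set_tlsext_servername_callback(sni_policy)` and the accept loop closes any connection for which `handshake_permitted(conn)` is false after the handshake completes.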