CVE-2026-27448

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 0.14.0 through 25.9.9

Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set tlsext servername callback function raised an unhandled exception, a connection would be accepted. This could allow bypassing security-sensitive behavior if a user relied on this callback. Starting with version 26.0.0, unhandled exceptions now result in rejecting the connection. The set tlsext servername callback function is used to set a callback that is invoked when the TLS server name extension is received during the TLS handshake. The username and password are not directly involved in this issue.

Recommendations pyOpenSSL versions 0.14.0 through 25.9.9 should be updated to version 26.0.0 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-636

Related Identifiers

CVE-2026-27448

ECHO-E106-5B29-8A6F

GHSA-VP96-HXJ8-P424

MGASA-2026-0074

OESA-2026-1729

OESA-2026-1730

OESA-2026-1731

OESA-2026-1732

OESA-2026-1733

OESA-2026-1734

OPENSUSE-SU-2026:10392-1

OPENSUSE-SU-2026:20419-1

RHSA-2026:7224

SUSE-SU-2026:1192-1

SUSE-SU-2026:1416-1

SUSE-SU-2026:1582-1

SUSE-SU-2026:20930-1

SUSE-SU-2026:20954-1

SUSE-SU-2026:20960-1

USN-8115-1

USN-8335-1

Affected Products

Linuxmint

Openssl

Ubuntu

Pyopenssl

CVE-2026-27448

Weakness Enumeration

Related Identifiers

Affected Products

References · 60