CVE-2026-27459

CVSS v4.0

7.2

Vector

AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

If a user provided callback to

set cookie generate callback

returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer.

Cookie values that are too long are now rejected.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2026-27459

GHSA-5PWR-322W-8JR4

Pyopenssl