CVE-2026-27448

Summary

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.

Affected Software

VendorProductVersion RangeStatus
pycapyopenssl>= 0.14.0, < 26.0.0affected

Weaknesses

  • CWE-636: CWE-636: Not Failing Securely ('Failing Open')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References