Linux Distros Unpatched Vulnerability : CVE-2026-27459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to...

UBUNTU-CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

CVE-2026-27459

CVE-2026-27459 affects the pyOpenSSL Python wrapper around OpenSSL. Before 26.0.0, specifically in 22.0.0 through 25.x, a callback provided to set_cookie_generate_callback could return a cookie value >256 bytes, causing an overflow of an OpenSSL buffer. Starting with 26.0.0, such long cookie v...

CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

CVE-2026-27448

The connected advisory GHSA-vp96-hxj8-p424 describes a vulnerability in pyOpenSSL where a user-provided callback to set_tlsext_servername_callback that raises an unhandled exception causes the TLS connection to be accepted, effectively bypassing any security-sensitive behavior the callback was in...

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

pyOpenSSL 安全漏洞

pyOpenSSL is an open-source Python library developed by the Python Cryptographic Authority. Versions of pyOpenSSL from 22.0.0 to 26.0.0 had security vulnerabilities. These vulnerabilities were caused by an issue where the cookie value returned by setcookiegeneratecallback was too long, leading to...

pyOpenSSL 安全漏洞

pyOpenSSL is an open-source Python library that encapsulates OpenSSL from the Python Cryptographic Authority project. Versions of pyOpenSSL from 0.14.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from unhandled exceptions in the settlsextservername Callback functio...

a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1252 more potentially affected by CVE-2026-27459 via pyopenssl (>=22.0.0 <=25.3.0)

pyopenssl PYPI version =22.0.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.4, =0.2.2, =0.1.1, =1.0.0, =1.0.1 and more Source cves: CVE-2026-27459 Source advisory: OSV:GHSA-5PWR-322W-8JR4...

pyOpenSSL DTLS cookie callback buffer overflow

If a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the setcookiegeneratecallback function. An attacker can cause a buffer overflow by providing a callback that returns a cookie value greater than 256 bytes. Note: This is only exploitable if the application explicitly...

a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1252 more potentially affected by CVE-2026-27459 via pyopenssl (>=22.0.0 <=25.3.0)

pyopenssl PYPI version =22.0.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.4, =0.2.2, =0.1.1, =1.0.0, =1.0.1 and more Source cves: CVE-2026-27459 Source advisory: SNYK:PYTHON-PYOPENSSL-15674459...

a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1580 more potentially affected by CVE-2026-27448 via pyopenssl (>=0.14.0 <=25.3.0)

pyopenssl PYPI version =0.14.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.2, =2.8.1, =0.4.0, =0.2.2, =0.2.11 and more Source cves: CVE-2026-27448 Source advisory: OSV:GHSA-VP96-HXJ8-P424...

a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1580 more potentially affected by CVE-2026-27448 via pyopenssl (>=0.14.0 <=25.3.0)

pyopenssl PYPI version =0.14.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.2, =2.8.1, =0.4.0, =0.2.2, =0.2.11 and more Source cves: CVE-2026-27448 Source advisory: SNYK:PYTHON-PYOPENSSL-15674458...