CVE-2026-27448
Severity: LOW
Score: 1.7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user-provided callback passed to `set_tlsext_servername_callback` raised an unhandled exception, the connection was accepted anyway. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions result in the connection being rejected.
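The sketch below is an added example, not code from pyOpenSSL or the advisory: it wraps a servername callback so that the per-connection verdict defaults to deny and an exception in the policy can never leave an allow. `fail_closed`, `SniDecision`, `sni_policy`, `connection_allowed`, `simulate_affected_handshake`, the host list and `FakeConnection` are hypothetical names and constructed data; it assumes the application does not already use the connection's app data slot.

```python
import functools

ALLOWED_HOSTS = {b"api.example.test"}  # constructed sample policy

class SniDecision:
    """Per-connection verdict; the default is deny."""
    def __init__(self):
        self.allowed = False
        self.reason = "callback did not complete"

def fail_closed(policy):
    """Wrap policy(conn) -> bool so an exception always leaves a deny verdict."""
    @functools.wraps(policy)
    def callback(conn):
        decision = SniDecision()
        conn.set_app_data(decision)  # deny verdict exists before the policy runs
        try:
            if policy(conn):
                decision.allowed, decision.reason = True, "policy accepted"
            else:
                decision.reason = "policy rejected"
        except Exception as exc:
            decision.reason = f"policy raised {type(exc).__name__}"
            raise  # 26.0.0+ rejects the handshake; affected versions carry on
    return callback

def sni_policy(conn):
    name = conn.get_servername()  # bytes, or None when the client sent no SNI
    return name.lower() in ALLOWED_HOSTS  # AttributeError on None: a realistic bug

def connection_allowed(conn):
    """Call after the handshake, before serving any application data."""
    decision = conn.get_app_data()
    return isinstance(decision, SniDecision) and decision.allowed

class FakeConnection:
    """Constructed stand-in exposing only the Connection methods used above."""
    def __init__(self, servername):
        self._name, self._data = servername, None
    def get_servername(self): return self._name
    def set_app_data(self, data): self._data = data
    def get_app_data(self): return self._data

def simulate_affected_handshake(conn, callback):
    """Model the affected behaviour: the exception is lost, the handshake proceeds."""
    try:
        callback(conn)
    except Exception:
        pass
    return connection_allowed(conn)
```

In a real server the wrapper would be registered with `ctx.set_tlsext_servername_callback(fail_closed(sni_policy))`, and `connection_allowed(conn)` checked after `do_handshake()` returns.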
CWE-636: Not Failing Securely ('Failing Open')
Status: Draft
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Not Technology-Specific, ICS/OT
https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3…
https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85a…
https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424