CVE-2026-27459

HIGH SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.

Vulnerability Details

Published Date

March 16, 2026

Last Modified

March 25, 2026

CWE ID

CWE-120

Source

GitHub

Vendor

pip

Product

pyopenssl

External References

https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4
https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408
https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst
https://github.com/advisories/GHSA-5pwr-322w-8jr4

CVE-2026-27459

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment