cvedb.io
CVE-2026-27448
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-03-18T00:16:19.107 · Last modified 2026-06-17T10:27:10.570

Summary

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user-provided callback passed to `set_tlsext_servername_callback` raised an unhandled exception, the connection was accepted anyway. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions result in the connection being rejected.

Affected products

pyopenssl — pyopenssl

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.