cvedb.io
CVE-2026-27459
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-03-18T00:16:19.273 · Last modified 2026-07-01T13:16:54.407

Summary

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user-provided callback passed to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer. Starting in version 26.0.0, cookie values that are too long are rejected.
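
A stopgap guard for deployments that cannot move to 26.0.0 right away, as an added example that is not pyOpenSSL's own code: it checks a version string against the affected range stated above and wraps a cookie callback so an over-long value raises in Python instead of being returned. The names `is_affected`, `guard_cookie_callback`, `make_hmac_cookie_callback` and `peer_id_of` are hypothetical; the 256-byte limit is taken from the summary.

```python
import hashlib
import hmac
import re

# Bounds taken from the advisory summary above.
FIRST_AFFECTED = (22, 0, 0)
FIRST_FIXED = (26, 0, 0)
MAX_COOKIE_LEN = 256  # summary: values "greater than 256 bytes" overflow


def parse_version(text):
    """Return the leading numeric release components as a 3-tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version_text):
    """True when the version falls in [22.0.0, 26.0.0)."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED


def guard_cookie_callback(callback, max_len=MAX_COOKIE_LEN):
    """Wrap a cookie-generate callback so oversized values are refused."""
    def guarded(conn):
        cookie = callback(conn)
        if not isinstance(cookie, (bytes, bytearray)):
            raise TypeError("cookie must be bytes")
        if len(cookie) > max_len:
            raise ValueError(f"cookie is {len(cookie)} bytes, limit is {max_len}")
        return bytes(cookie)
    return guarded


def make_hmac_cookie_callback(secret, peer_id_of):
    """Hypothetical well-behaved callback: fixed 32-byte HMAC-SHA256 cookie.

    peer_id_of(conn) is an assumed helper returning bytes that identify the peer.
    """
    def callback(conn):
        return hmac.new(secret, peer_id_of(conn), hashlib.sha256).digest()
    return callback


# Intended use (not executed here):
#   ctx.set_cookie_generate_callback(guard_cookie_callback(my_callback))
```

Upgrading to 26.0.0 or later remains the fix; the wrapper only keeps an application's own callback within the stated bound in the meantime.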

Affected products

pyopenssl — pyopenssl

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.