Buffer Overflow Vulnerability in PyOpenSSL Affects Users
CVE-2026-27459

7.2 HIGH

Key Information:

Vendor: Pyca
Status: Vendor
CVE Published: 17 March 2026

What is CVE-2026-27459?

A buffer overflow vulnerability exists in PyOpenSSL, a Python wrapper around the OpenSSL library: when a user-defined callback function returns a cookie value longer than 256 bytes, the value overflows the OpenSSL buffer that receives it. This issue is present in versions 22.0.0 through 25.x.x. In version 26.0.0 and later, such excessively long cookie values are rejected, mitigating the risk associated with this vulnerability.
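Applications that cannot yet move to 26.0.0 can enforce the 256-byte bound on their own side of the callback, failing the handshake rather than handing an over-long cookie to OpenSSL. The following is an added example, not code from PyOpenSSL or from the advisory; it assumes the callback receives a connection object (the `peer_addr` attribute and the `set_cookie_generate_callback` registration name are assumptions, not taken from the page).

```python
import hashlib
import hmac

# OpenSSL holds the DTLS cookie in a fixed buffer (DTLS1_COOKIE_LENGTH);
# the advisory states cookies over 256 bytes overflow it.
MAX_COOKIE_LEN = 256

def bounded_cookie_callback(inner):
    """Wrap a cookie-generate callback so it fails closed instead of overflowing.

    An over-long cookie raises ValueError (the handshake aborts) before it can
    reach OpenSSL. Truncating would be wrong: the verify callback would then
    check against a cookie the client never received.
    """
    def wrapper(conn) -> bytes:
        cookie = inner(conn)
        if not isinstance(cookie, bytes):
            raise TypeError("cookie callback must return bytes")
        if len(cookie) > MAX_COOKIE_LEN:
            raise ValueError(f"cookie is {len(cookie)} bytes, limit is {MAX_COOKIE_LEN}")
        return cookie
    return wrapper

def make_cookie(secret: bytes, client_addr: bytes) -> bytes:
    """Stateless 32-byte cookie: HMAC-SHA256 of the client's address."""
    return hmac.new(secret, client_addr, hashlib.sha256).digest()

def verify_cookie(secret: bytes, client_addr: bytes, cookie: bytes) -> bool:
    """Constant-time comparison of the cookie the client echoes back."""
    return hmac.compare_digest(make_cookie(secret, client_addr), cookie)

def cookie_accepted(callback, conn) -> bool:
    """True if the wrapped callback produces a cookie OpenSSL may safely receive."""
    try:
        callback(conn)
    except (ValueError, TypeError):
        return False
    return True

SERVER_SECRET = b"constructed-secret-rotate-in-production"  # constructed sample value

def app_cookie_callback(conn) -> bytes:
    # conn.peer_addr is a hypothetical attribute standing in for the peer lookup.
    return make_cookie(SERVER_SECRET, conn.peer_addr)

safe_callback = bounded_cookie_callback(app_cookie_callback)
# Registration would be ctx.set_cookie_generate_callback(safe_callback);
# that pyOpenSSL method name is assumed here, not quoted from the advisory.
```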

Affected Version(s)

pyopenssl >= 22.0.0, < 26.0.0

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved