CVE-2026-27448 - Vulnerability Details

- pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.

Published: 2026-03-17

Score: 1.7 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

pyOpenSSL provides a wrapper for OpenSSL. Before version 26.0.0, a provider‑supplied callback to set_tlsext_servername_callback that raised an exception caused the library to accept the TLS connection regardless of the error. This flaw, classified as improper error handling (CWE‑636), allows an attacker to bypass logic that relies on the callback for security considerations, such as rejecting connections that do not match expected server names or protocols.

Affected Systems

The vulnerability impacts the pyca:pyopenssl product. Versions from 0.14.0 through 25.99.999 are affected. Starting with version 26.0.0, the library now rejects connections when the callback raises an unhandled exception, fixing the issue.

Risk and Exploitability

The CVSS score of 1.7 indicates a low severity, and the EPSS score of less than 1 % suggests a very low chance of exploitation. The flaw is not present in the CISA KEV catalog. In practice, exploitation requires a client that triggers an exception in a custom callback, and only systems that rely on that callback for security decisions are truly at risk. Monitoring for unhandled exceptions and applying the available patch therefore mitigates the risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

pyca

pyopenssl

affected

Version	Status	Constraints
`>= 0.14.0, < 26.0.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Pyca

Pyopenssl

100%

Version	Status	Scheme	Platform
`[0.14.0,26.0.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade pyOpenSSL to version 26.0.0 or later.
If upgrade is not immediately possible, ensure any set_tlsext_servername_callback implementation does not raise unhandled exceptions or wrap it in try/except and log the error.
Validate that your applications do not rely on untrusted input for that callback.
Monitor logs for abnormal TLS connection acceptance or exception traces.

Generated by OpenCVE AI on March 23, 2026 at 19:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-vp96-hxj8-p424	pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Ubuntu USN	USN-8115-1	pyOpenSSL vulnerabilities

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27
https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0
https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424
https://nvd.nist.gov/vuln/detail/CVE-2026-27448
https://www.cve.org/CVERecord?id=CVE-2026-27448

History

Mon, 23 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pyopenssl Pyopenssl pyopenssl
CPEs		cpe:2.3:a:pyopenssl:pyopenssl::::::::
Vendors & Products		Pyopenssl Pyopenssl pyopenssl
Metrics	cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

Thu, 19 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-27448 https://www.cve.org/CVERecord?id=CVE-2026-27448
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}` threat_severity `Moderate`

Wed, 18 Mar 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pyca Pyca pyopenssl
Vendors & Products		Pyca Pyca pyopenssl

Tue, 17 Mar 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.
Title		pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Weaknesses		CWE-636
References		https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27 https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0 https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424
Metrics		cvssV4_0 `{'score': 1.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}`

Subscriptions

Pyca Pyopenssl

Pyopenssl Pyopenssl

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-17T23:24:30.661Z

Updated: 2026-03-18T20:18:08.768Z

Reserved: 2026-02-19T17:25:31.100Z

Link: CVE-2026-27448

Vulnrichment

Updated: 2026-03-18T20:18:06.117Z

NVD

Status : Analyzed

Published: 2026-03-18T00:16:19.107

Modified: 2026-03-23T18:10:12.370

Link: CVE-2026-27448

Redhat

Severity : Moderate

Publid Date: 2026-03-17T23:24:30Z

Links: CVE-2026-27448 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-24T10:54:21Z

Weaknesses

CWE-636

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object