CVE-2026-27459

HIGH
2026-03-16 https://github.com/pyca/pyopenssl GHSA-5pwr-322w-8jr4
7.2
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 16, 2026 - 17:20 vuln.today
Patch Released
Mar 16, 2026 - 17:20 nvd
Patch available
CVE Published
Mar 16, 2026 - 16:22 nvd
HIGH 7.2

Tags

OpenSSL Buffer Overflow Redhat Suse

Description

If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected.

Analysis

Buffer overflow in pyOpenSSL's cookie generation callback allows attackers to corrupt memory and potentially achieve remote code execution by supplying oversized cookie values exceeding 256 bytes. The vulnerability affects applications using custom cookie callbacks with OpenSSL integration, where insufficient length validation permits writing beyond allocated buffer boundaries. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all systems and applications using pyOpenSSL and document their versions. Within 7 days: Apply the available patch to all affected systems and test in non-production environments first. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

36
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0

Vendor Status

Share

CVE-2026-27459 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy