CVE-2026-27459CRITICAL 9.8EPSS p38.8%

CVE-2026-27459CVE-2026-27459

Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.50% probability of exploitation · percentile 38.8% · 2026-06-19T12:03:05Z
Published2026-03-18
Last modified2026-03-25

Underlying weaknesses· 1

CWE-120

References

  1. https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst
  2. https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408
  3. https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4

1

TypeTargetConfidenceTier
WeaknessBuffer Copy without Checking Size of Input ('Classic Buffer Overflow')cwe-1200%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22904
CVE
CVE-2026-3644
CVE
CVE-2026-39892
CVE
CVE-2026-41898
CVE
CVE-2026-7383
CVE
CVE-2026-2646
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.