QwikSec

Security Database

CVE

CWE

Training

CVE-2026-27459

Published: Mar 17, 2026

Modified: Mar 18, 2026

PUBLISHED

Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.

Vendor	Product	Versions
pyca	pyopenssl	affected `>= 22.0.0, < 26.0.0`

Weaknesses (CWE)

References

https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4

x_refsource_CONFIRM

https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408

x_refsource_MISC

https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.