{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27448", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-19T17:25:31.100Z", "datePublished": "2026-03-17T23:24:30.661Z", "dateUpdated": "2026-03-18T20:18:08.768Z"}, "containers": {"cna": {"title": "pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback", "problemTypes": [{"descriptions": [{"cweId": "CWE-636", "lang": "en", "description": "CWE-636: Not Failing Securely ('Failing Open')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 1.7, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424"}, {"name": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"}, {"name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27"}], "affected": [{"vendor": "pyca", "product": "pyopenssl", "versions": [{"version": ">= 0.14.0, < 26.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-17T23:24:30.661Z"}, "descriptions": [{"lang": "en", "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection."}], "source": {"advisory": "GHSA-vp96-hxj8-p424", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T20:17:52.492201Z", "id": "CVE-2026-27448", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T20:18:08.768Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27448", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T20:17:52.492201Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T20:18:06.117Z"}}], "cna": {"title": "pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback", "source": {"advisory": "GHSA-vp96-hxj8-p424", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "pyca", "product": "pyopenssl", "versions": [{"status": "affected", "version": ">= 0.14.0, < 26.0.0"}]}], "references": [{"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424", "name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0", "name": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27", "name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-636", "description": "CWE-636: Not Failing Securely ('Failing Open')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-17T23:24:30.661Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27448", "state": "PUBLISHED", "dateUpdated": "2026-03-18T20:18:08.768Z", "dateReserved": "2026-02-19T17:25:31.100Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-17T23:24:30.661Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AE99DC9-6CA8-484B-962C-92A1F7652489", "versionEndExcluding": "26.0.0", "versionStartIncluding": "0.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection."}, {"lang": "es", "value": "pyOpenSSL es un envoltorio de Python alrededor de la biblioteca OpenSSL. A partir de la versi\u00f3n 0.14.0 y antes de la versi\u00f3n 26.0.0, si un callback proporcionado por el usuario a `set_tlsext_servername_callback` generaba una excepci\u00f3n no controlada, esto daba como resultado que se aceptara una conexi\u00f3n. Si un usuario depend\u00eda de este callback para cualquier comportamiento sensible a la seguridad, esto podr\u00eda permitir eludirlo. A partir de la versi\u00f3n 26.0.0, las excepciones no controladas ahora dan como resultado el rechazo de la conexi\u00f3n."}], "id": "CVE-2026-27448", "lastModified": "2026-03-23T18:10:12.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.7, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-18T00:16:19.107", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-636"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback", "id": "2448508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448508"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-636", "details": ["A flaw was found in pyOpenSSL. The set_tlsext_servername_callback callback function can be used to implement Server Name Indication (SNI) during the TLS handshake. When the callback raises an unhandled exception, the handshake incorrectly proceeds instead of terminating. This fail-open behavior can allow an attacker to bypass SNI-based security controls and access restricted endpoints."], "mitigation": {"lang": "en:us", "value": "To mitigate this flaw, ensure the callback provided to the set_tlsext_servername_callback function is wrapped in a try/except block. This block should explicitly return a failure code instead of allowing the exception to propagate."}, "name": "CVE-2026-27448", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/ansible-dev-tools-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/eda-controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/hub-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/lightspeed-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/platform-resource-runner-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python3.11-pyOpenSSL", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python3.12-pyOpenSSL", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python3x-pyOpenSSL", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python-pyOpenSSL", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_core:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform/ee-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform Ansible Core 2"}, {"cpe": "cpe:/a:redhat:ansible_core:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform Ansible Core 2"}, {"cpe": "cpe:/a:redhat:ansible_core:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-tech-preview/ee-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform Ansible Core 2"}, {"cpe": "cpe:/a:redhat:ansible_core:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-tech-preview/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform Ansible Core 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pyOpenSSL", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pyOpenSSL", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "pyOpenSSL", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-feature-server-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "pyOpenSSL", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "pyOpenSSL", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "pyOpenSSL", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "python3.12-pyOpenSSL", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "python-pyOpenSSL", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "satellite-capsule:el8/python-pyOpenSSL", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "satellite:el8/python-pyOpenSSL", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "satellite/iop-advisor-engine-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "satellite/iop-insights-engine-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "rhtas/model-transparency-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Fix deferred", "package_name": "python-pyOpenSSL", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}], "public_date": "2026-03-17T23:24:30Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27448\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27448\nhttps://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27\nhttps://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\nhttps://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424"], "statement": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_tlsext_servername_callback function. For the handshake to proceed incorrectly, the callback must raise an unhandled exception, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.14.0,26.0.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "pyopenssl", "source": "cna", "vendor": "pyca"}, "product": "pyopenssl", "vendor": "pyca"}], "analysis": {"en": {"generated_at": "2026-03-23T19:29:16.762356+00:00", "value": {"mitigation_remediation": ["Upgrade pyOpenSSL to version 26.0.0 or later.", "If upgrade is not immediately possible, ensure any set_tlsext_servername_callback implementation does not raise unhandled exceptions or wrap it in try/except and log the error.", "Validate that your applications do not rely on untrusted input for that callback.", "Monitor logs for abnormal TLS connection acceptance or exception traces."], "summary": {"action": "Apply Patch", "impact": "TLS Connection Bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts the pyca:pyopenssl product. Versions from 0.14.0 through 25.99.999 are affected. Starting with version 26.0.0, the library now rejects connections when the callback raises an unhandled exception, fixing the issue.", "description_and_impact": "pyOpenSSL provides a wrapper for OpenSSL. Before version 26.0.0, a provider\u2011supplied callback to set_tlsext_servername_callback that raised an exception caused the library to accept the TLS connection regardless of the error. This flaw, classified as improper error handling (CWE\u2011636), allows an attacker to bypass logic that relies on the callback for security considerations, such as rejecting connections that do not match expected server names or protocols.", "risk_and_exploitability": "The CVSS score of 1.7 indicates a low severity, and the EPSS score of less than 1\u202f% suggests a very low chance of exploitation. The flaw is not present in the CISA KEV catalog. In practice, exploitation requires a client that triggers an exception in a custom callback, and only systems that rely on that callback for security decisions are truly at risk. Monitoring for unhandled exceptions and applying the available patch therefore mitigates the risk."}}}}, "created": "2026-03-18T10:42:33.089614+00:00", "updated": "2026-03-24T10:54:21.736361+00:00", "vendors": ["pyca", "pyca$PRODUCT$pyopenssl"]}