Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for pyopenssl by pyca

    CVE-2026-27459 (GCVE-0-2026-27459)

    Vulnerability from nvd – Published: 2026-03-17 23:34 – Updated: 2026-07-01 12:04
    VLAI
    Title
    pyOpenSSL DTLS cookie callback buffer overflow
    Summary
    pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    URL Tags
    https://github.com/pyca/pyopenssl/security/adviso… x_refsource_CONFIRM
    https://github.com/pyca/pyopenssl/commit/57f09bb4… x_refsource_MISC
    https://github.com/pyca/pyopenssl/blob/358cbf29c4… x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-27459 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2448503 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:13512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10754 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14874 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13508 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14873 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14835 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13553 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13545 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7224 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11856 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11996 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8437 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    pyca pyopenssl Affected: >= 22.0.0, < 26.0.0
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat RHUI 4 for RHEL 8     cpe:/a:redhat:rhui:4::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9     cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9     cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_maintenance:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5     cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6     cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17     cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer 1.4     cpe:/a:redhat:trusted_artifact_signer:1.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform Ansible Core 2     cpe:/a:redhat:ansible_core:2
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 10     cpe:/a:redhat:ansible_automation_platform:2.6::el10
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27459",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T19:52:08.536876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T19:52:15.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:4::el8"
                ],
                "defaultStatus": "affected",
                "product": "RHUI 4 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.17::el9",
                  "cpe:/a:redhat:satellite_capsule:6.17::el9",
                  "cpe:/a:redhat:satellite_utils:6.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.17 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.18::el9",
                  "cpe:/a:redhat:satellite_capsule:6.18::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.18::el9",
                  "cpe:/a:redhat:satellite_utils:6.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.18 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_core:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform Ansible Core 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-17T23:34:28.483Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:04:53.469Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-27459"
              },
              {
                "name": "RHBZ#2448503",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27459.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13512"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10754"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14874"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13508"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14873"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14835"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13553"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13545"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7224"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11856"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11996"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8437"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10754: RHUI 4 for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14874: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13508: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14873: Red Hat Satellite 6.17 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14835: Red Hat Satellite 6.18 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13553: Red Hat Ansible Automation Platform 2.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7224: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11916: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11856: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11996: Red Hat Quay 3.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8437: Red Hat Trusted Artifact Signer 1.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T00:01:41.404Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-17T23:34:28.483Z",
                "value": "Made public."
              }
            ],
            "title": "pyOpenSSL: DTLS cookie callback buffer overflow",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pyopenssl",
              "vendor": "pyca",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 22.0.0, \u003c 26.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T23:34:28.483Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-5pwr-322w-8jr4",
            "discovery": "UNKNOWN"
          },
          "title": "pyOpenSSL DTLS cookie callback buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-27459",
        "datePublished": "2026-03-17T23:34:28.483Z",
        "dateReserved": "2026-02-19T17:25:31.100Z",
        "dateUpdated": "2026-07-01T12:04:53.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27448 (GCVE-0-2026-27448)

    Vulnerability from nvd – Published: 2026-03-17 23:24 – Updated: 2026-03-18 20:18
    VLAI
    Title
    pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
    Summary
    pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-636 - Not Failing Securely ('Failing Open')
    Assigner
    Impacted products
    Vendor Product Version
    pyca pyopenssl Affected: >= 0.14.0, < 26.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T20:17:52.492201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T20:18:08.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pyopenssl",
              "vendor": "pyca",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.14.0, \u003c 26.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T23:24:30.661Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27"
            }
          ],
          "source": {
            "advisory": "GHSA-vp96-hxj8-p424",
            "discovery": "UNKNOWN"
          },
          "title": "pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-27448",
        "datePublished": "2026-03-17T23:24:30.661Z",
        "dateReserved": "2026-02-19T17:25:31.100Z",
        "dateUpdated": "2026-03-18T20:18:08.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27459 (GCVE-0-2026-27459)

    Vulnerability from cvelistv5 – Published: 2026-03-17 23:34 – Updated: 2026-07-01 12:04
    VLAI
    Title
    pyOpenSSL DTLS cookie callback buffer overflow
    Summary
    pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    URL Tags
    https://github.com/pyca/pyopenssl/security/adviso… x_refsource_CONFIRM
    https://github.com/pyca/pyopenssl/commit/57f09bb4… x_refsource_MISC
    https://github.com/pyca/pyopenssl/blob/358cbf29c4… x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-27459 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2448503 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:13512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10754 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14874 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13508 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14873 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14835 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13553 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13545 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7224 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11856 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11996 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8437 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    pyca pyopenssl Affected: >= 22.0.0, < 26.0.0
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat RHUI 4 for RHEL 8     cpe:/a:redhat:rhui:4::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9     cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9     cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_maintenance:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5     cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6     cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17     cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer 1.4     cpe:/a:redhat:trusted_artifact_signer:1.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform Ansible Core 2     cpe:/a:redhat:ansible_core:2
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 10     cpe:/a:redhat:ansible_automation_platform:2.6::el10
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27459",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T19:52:08.536876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T19:52:15.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:4::el8"
                ],
                "defaultStatus": "affected",
                "product": "RHUI 4 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.17::el9",
                  "cpe:/a:redhat:satellite_capsule:6.17::el9",
                  "cpe:/a:redhat:satellite_utils:6.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.17 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.18::el9",
                  "cpe:/a:redhat:satellite_capsule:6.18::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.18::el9",
                  "cpe:/a:redhat:satellite_utils:6.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.18 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_core:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform Ansible Core 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-17T23:34:28.483Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:04:53.469Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-27459"
              },
              {
                "name": "RHBZ#2448503",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27459.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13512"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10754"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14874"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13508"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14873"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14835"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13553"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13545"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7224"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11856"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11996"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8437"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10754: RHUI 4 for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14874: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13508: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14873: Red Hat Satellite 6.17 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14835: Red Hat Satellite 6.18 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13553: Red Hat Ansible Automation Platform 2.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7224: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11916: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11856: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11996: Red Hat Quay 3.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8437: Red Hat Trusted Artifact Signer 1.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T00:01:41.404Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-17T23:34:28.483Z",
                "value": "Made public."
              }
            ],
            "title": "pyOpenSSL: DTLS cookie callback buffer overflow",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pyopenssl",
              "vendor": "pyca",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 22.0.0, \u003c 26.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T23:34:28.483Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-5pwr-322w-8jr4",
            "discovery": "UNKNOWN"
          },
          "title": "pyOpenSSL DTLS cookie callback buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-27459",
        "datePublished": "2026-03-17T23:34:28.483Z",
        "dateReserved": "2026-02-19T17:25:31.100Z",
        "dateUpdated": "2026-07-01T12:04:53.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27448 (GCVE-0-2026-27448)

    Vulnerability from cvelistv5 – Published: 2026-03-17 23:24 – Updated: 2026-03-18 20:18
    VLAI
    Title
    pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
    Summary
    pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-636 - Not Failing Securely ('Failing Open')
    Assigner
    Impacted products
    Vendor Product Version
    pyca pyopenssl Affected: >= 0.14.0, < 26.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T20:17:52.492201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T20:18:08.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pyopenssl",
              "vendor": "pyca",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.14.0, \u003c 26.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T23:24:30.661Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"
            },
            {
              "name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27"
            }
          ],
          "source": {
            "advisory": "GHSA-vp96-hxj8-p424",
            "discovery": "UNKNOWN"
          },
          "title": "pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-27448",
        "datePublished": "2026-03-17T23:24:30.661Z",
        "dateReserved": "2026-02-19T17:25:31.100Z",
        "dateUpdated": "2026-03-18T20:18:08.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }