COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-27459

CVE-2026-27459

Severity
critical
Source
NVD · cve
Published
2026-03-18
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-27459
shame 35/100

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Sta

Players implicated

pyopenssl · vendorpyopenssl · product

Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.