๐Ÿ” CVE Alert

CVE-2026-27459

UNKNOWN 0.0

pyOpenSSL DTLS cookie callback buffer overflow

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user-provided callback passed to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer. Starting in version 26.0.0, cookie values that are too long are rejected.

CWE: CWE-120
Vendor: pyca
Product: pyopenssl
Published: Mar 17, 2026
Last Updated: Mar 18, 2026
Affected Versions

pyca / pyopenssl
>= 22.0.0, < 26.0.0
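
For deployments that cannot upgrade to 26.0.0 immediately, the sketch below checks a version string against the affected range and wraps a cookie generator so that a value over 256 bytes is rejected in Python before it is returned to pyOpenSSL. It is an added example, not pyOpenSSL's own fix; the helper names, the demo secret and the single-argument callback signature are assumptions.

```python
import hashlib
import hmac
import re
from importlib import metadata

MAX_COOKIE_LEN = 256           # limit quoted in the description above
AFFECTED_FROM, FIXED_IN = (22, 0, 0), (26, 0, 0)


def is_affected(version: str) -> bool:
    """True when a pyOpenSSL version string is >= 22.0.0 and < 26.0.0."""
    nums = [int(m.group()) for m in
            (re.match(r"\d+", p) for p in version.split(".")[:3]) if m]
    release = tuple(nums + [0] * (3 - len(nums)))
    return AFFECTED_FROM <= release < FIXED_IN


def installed_is_affected():
    """Check the local install; None when pyOpenSSL is not installed."""
    try:
        return is_affected(metadata.version("pyOpenSSL"))
    except metadata.PackageNotFoundError:
        return None


def bounded_cookie_callback(generate):
    """Wrap a cookie generator so an oversized value never leaves Python."""
    def wrapper(conn):
        cookie = generate(conn)
        if not isinstance(cookie, bytes):
            raise TypeError("cookie must be bytes")
        if len(cookie) > MAX_COOKIE_LEN:
            raise ValueError(
                f"cookie is {len(cookie)} bytes, limit is {MAX_COOKIE_LEN}")
        return cookie
    return wrapper


SECRET = b"constructed-demo-secret"    # constructed value, not a real key


@bounded_cookie_callback
def hmac_cookie(conn):
    """Hypothetical generator: a fixed 32-byte HMAC-SHA256 of the peer."""
    return hmac.new(SECRET, repr(conn).encode(), hashlib.sha256).digest()


if __name__ == "__main__":
    print("installed pyOpenSSL affected:", installed_is_affected())
    print("cookie length:", len(hmac_cookie(("192.0.2.10", 4433))))
```

The wrapped function is what would be passed to `set_cookie_generate_callback`; a fixed-length digest keeps the cookie size independent of any peer-controlled input.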

References

github.com: https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4
github.com: https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408
github.com: https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst