CVE-2026-27448
PUBLISHED
CVSS 7.2 HIGH
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user-provided callback passed to `set_cookie_generate_callback` returned a cookie value longer than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer. Starting in version 26.0.0, cookie values that are too long are rejected.
EPSS 0.04% · 13.6th percentile
Risk Scores
CVSS 4.0: 7.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
EPSS Score: 0.04% (13.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 5.10.252, 6.1.165, 6.12.75 |
| linux | linux_kernel | 2.6.24, 2.6.24, 2.6.24 |
| pyca | pyopenssl | >= 22.0.0, < 26.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-27459 (circl-sighting)
- https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4 (circl)
- https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408 (circl)
- https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst (circl)
- https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e (circl)
- https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7 (circl)
- https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2 (circl)
- https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d (circl)
- https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316 (circl)
- https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56 (circl)
…and 16 more exploits
Timeline
- Mar 16, 2026 CVE Published
- Mar 17, 2026 Security Advisory
- Mar 18, 2026 EPSS Score
- Mar 19, 2026 CVE Updated
- Mar 19, 2026 EPSS Score
- Mar 20, 2026 EPSS Score
- Mar 21, 2026 EPSS Score
- Mar 22, 2026 EPSS Score
- Mar 23, 2026 EPSS Score
- Mar 23, 2026 PoC Published
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score