Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceUBUNTU-CVE-2026-27459

UBUNTU-CVE-2026-27459

CRITICAL9.8

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value

Published Mar 18, 2026

Modified 2 weeks ago

Fix available

Details

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.

Affected Packages

pyopenssl

Ubuntu 24.04 LTS

Fixed in:

23.2.0-1ubuntu0.1

pyopenssl

Ubuntu 25.10

Fixed in:

25.0.0-1ubuntu0.1

References

https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4

https://ubuntu.com/security/CVE-2026-27459

https://ubuntu.com/security/notices/USN-8115-1

https://www.cve.org/CVERecord?id=CVE-2026-27459

CVSS Analysis

CVSS v4.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Attack Requirements

PresentAT:P

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

HighVC:H

Vuln. Integrity

HighVI:H

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Upstream

Related

Ecosystems

Ubuntu 24.04 LTS Ubuntu 25.10

Timeline

PublishedMar 18, 2026

ModifiedMar 25, 2026

UBUNTU-CVE-2026-27459 | Mondoo Vulnerability Intelligence