CRITICAL 9.8
PYSEC-2026-2269
Details
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / pyopenssl
Introduced in:
22.0.0 Fixed in: 26.0.0 Fix
pip install --upgrade 'pyopenssl>=26.0.0' References
- https://access.redhat.com/security/cve/CVE-2026-27459 [WEB]
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27459.json [WEB]
- https://access.redhat.com/errata/RHSA-2026:10754 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:11856 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:11916 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:11996 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:13508 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:13512 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:13545 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:13553 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:14835 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:14873 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:14874 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:19375 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:21017 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:22465 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:24853 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:7224 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2026:8437 [ADVISORY]
- https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst [ADVISORY]
- https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4 [ADVISORY]
- https://bugzilla.redhat.com/show_bug.cgi?id=2448503 [REPORT]
- https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408 [FIX]