Fluid Attacks Database

Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	pyopenssl	>=0.14.0 <26.0.0	26.0.0
debian 12	pyopenssl	=23.0.0-1 \|\| =23.2.0-1 \|\| =24.0.0-1 \|\| =24.0.0-2 \|\| =24.0.0-3 \|\| =24.0.0-4 \|\| =24.0.0-5 \|\| =24.1.0-1 \|\| =24.2.1-1 \|\| =24.3.0-1 \|\| =25.0.0-1 \|\| =25.1.0-1 \|\| =25.1.0-2 \|\| =25.3.0-1 \|\| =25.3.0-2 \|\| =26.0.0-1 \|\| =26.1.0-1	-
rpm rhel8	pyOpenSSL	-	-
debian 14	pyopenssl	=25.0.0-1 \|\| =25.1.0-1 \|\| =25.1.0-2 \|\| =25.3.0-1 \|\| =25.3.0-2 \|\| >=0 <26.0.0-1	26.0.0-1
debian 11	pyopenssl	=20.0.1-1 \|\| =21.0.0-1 \|\| =22.1.0+really21.0.0-1 \|\| =22.1.0-1 \|\| =23.0.0-1 \|\| =23.2.0-1 \|\| =24.0.0-1 \|\| =24.0.0-2 \|\| =24.0.0-3 \|\| =24.0.0-4 \|\| =24.0.0-5 \|\| =24.1.0-1 \|\| =24.2.1-1 \|\| =24.3.0-1 \|\| =25.0.0-1 \|\| =25.1.0-1 \|\| =25.1.0-2 \|\| =25.3.0-1 \|\| =25.3.0-2 \|\| =26.0.0-1 \|\| =26.1.0-1	-
debian 13	pyopenssl	=25.0.0-1 \|\| =25.1.0-1 \|\| =25.1.0-2 \|\| =25.3.0-1 \|\| =25.3.0-2 \|\| =26.0.0-1 \|\| =26.1.0-1	-

Aliases

1. CVE-2026-274482. NVD-2026-274483. OSV-2026-274484. OSV-DEBIAN-2026-274485. GHSA-vp96-hxj8-p4246. GCVE-2026-274487. SECURITY-TRACKER-CVE-2026-27448

References

1. https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p4242. https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa03. https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.