CVE-2026-27448

Publication date 18 March 2026

Last updated 23 March 2026

Ubuntu priority

Low

Why this priority?

Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.

Why is this CVE low priority?

This has been rated low severity by pyOpenSSL developers

Learn more about Ubuntu priority

Status

Package Ubuntu Release Status
pyopenssl 25.10 questing
Fixed 25.0.0-1ubuntu0.1
24.04 LTS noble
Fixed 23.2.0-1ubuntu0.1
22.04 LTS jammy
Fixed 21.0.0-1ubuntu0.1
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty
Needs evaluation

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
pyopenssl

References

Related Ubuntu Security Notices (USN)

    • USN-8115-1
    • pyOpenSSL vulnerabilities
    • 23 March 2026

Other references

Access our resources on patching vulnerabilities