CVE-2026-27448: pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Overview
- Severity
- N/A
- Exploit Status
- Not Exploited
- Patch Tuesday
- 2026-Mar
- Released
- 2026-03-19
- Last Updated
- 2026-03-21
- EPSS Score
- 0.04% (percentile: 12.3%)
Affected Products (2)
Open Source Software
- azl3 pyOpenSSL 24.2.1-1 on Azure Linux 3.0
- cbl2 pyOpenSSL 18.0.0-8 on CBL Mariner 2.0
Revision History
- 2026-03-19: Information published.
- 2026-03-21: Information published.