CVE-2026-27448 | pyca pyOpenSSL up to 0.14.0/26.0.0 set_tlsext_servername_callback access control (GHSA-vp96-hxj8-p424)

Inserito da Angelo Barbosa | Mar 18, 2026 | CVE

A vulnerability labeled as critical has been found in pyca pyOpenSSL up to 0.14.0/26.0.0. Affected by this issue is the function set_tlsext_servername_callback. The manipulation results in improper access controls.

This vulnerability is identified as CVE-2026-27448. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-27448 | pyca pyOpenSSL up to 0.14.0/26.0.0 set_tlsext_servername_callback access control (GHSA-vp96-hxj8-p424)

Post correlati

CVE-2025-15070 | Gmission Web Fax up to 3.x information disclosure

CVE-2024-10020 | Heateor Social Login Plugin up to 1.1.35 on WordPress improper authentication

CVE-2024-25690 | Esri ArcGIS Enterprise Web App Builder up to 11.1 on ArcGIS Link cross site scripting

CVE-2024-48307 | JeecgBoot 3.7.1 getTotalData sql injection