CVE-2026-27448 Overview
CVE-2026-27448 is an authentication bypass vulnerability in pyOpenSSL, a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user-provided callback to set_tlsext_servername_callback raised an unhandled exception, the connection would be incorrectly accepted instead of rejected. This behavior could allow attackers to bypass security-sensitive callback logic that applications depend on for connection validation.
Critical Impact
Applications relying on set_tlsext_servername_callback for security decisions may inadvertently accept malicious connections when callback exceptions occur, potentially bypassing authentication or authorization controls.
Affected Products
- pyOpenSSL versions 0.14.0 through 25.x (prior to 26.0.0)
- Python applications using Context.set_tlsext_servername_callback for security validation
- TLS/SSL server implementations built with affected pyOpenSSL versions
Discovery Timeline
- 2026-03-18 - CVE CVE-2026-27448 published to NVD
- 2026-03-18 - Last updated in NVD database
Technical Details for CVE-2026-27448
Vulnerability Analysis
This vulnerability falls under CWE-636 (Not Failing Securely), where the pyOpenSSL library fails to handle exceptions in a secure manner. When a developer registers a callback function using Context.set_tlsext_servername_callback to implement custom TLS Server Name Indication (SNI) validation logic, any unhandled exception raised within that callback was silently swallowed by the library. Rather than treating the exception as a failure condition and rejecting the connection, pyOpenSSL proceeded with the TLS handshake as if the callback had completed successfully.
This design flaw is particularly dangerous because developers may implement security-critical logic within these callbacks—such as validating client certificates, checking server name allowlists, or enforcing multi-tenancy isolation. An attacker who can trigger an exception in the callback code (through malformed input, resource exhaustion, or other means) could potentially bypass these security controls entirely.
Root Cause
The root cause lies in pyOpenSSL's exception handling within the C callback wrapper that bridges OpenSSL's native callback mechanism with Python callback functions. Prior to version 26.0.0, exceptions raised in the Python callback were caught but not properly propagated as TLS errors. The library failed to invoke sys.excepthook to report the exception and did not return an appropriate TLS fatal alert to terminate the handshake. This "fail open" behavior violates secure coding principles that mandate systems should fail in a secure state when encountering unexpected conditions.
Attack Vector
An attacker exploiting this vulnerability requires network access to a TLS server using an affected pyOpenSSL version with security-sensitive SNI callback logic. The attack scenario involves:
- The attacker identifies a target application using pyOpenSSL with set_tlsext_servername_callback for security validation
- The attacker crafts TLS connection requests designed to trigger exception conditions in the callback (e.g., edge cases in domain parsing, unexpected character encodings, or resource constraints)
- When the callback raises an unhandled exception, the connection proceeds as if validation succeeded
- The attacker gains access that should have been denied by the callback's security logic
The fix in version 26.0.0 now properly handles exceptions by calling sys.excepthook and returning a fatal TLS alert to reject the connection:
import os
import socket
import sys
import typing
import warnings
from collections.abc import Sequence
Source: GitHub PyOpenSSL Commit
The changelog documents this behavioral change:
^^^^^^^^
- Added ``OpenSSL.SSL.Connection.get_group_name`` to determine which group name was negotiated.
+- ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded.
25.3.0 (2025-09-16)
-------------------
Source: GitHub PyOpenSSL Changelog Entry
Detection Methods for CVE-2026-27448
Indicators of Compromise
- Unexpected successful TLS connections from untrusted sources that should have been rejected by SNI callback logic
- Application logs showing exceptions in SNI callback functions without corresponding connection terminations
- Anomalous connection patterns where clients with malformed or unexpected SNI values successfully establish sessions
Detection Strategies
- Review application logs for exceptions occurring during TLS handshake callbacks that did not result in connection failures
- Audit pyOpenSSL version dependencies in requirements.txt, Pipfile, or poetry.lock files for versions between 0.14.0 and 25.x
- Implement exception monitoring within set_tlsext_servername_callback handlers to detect and alert on unhandled exceptions
- Use dependency scanning tools to identify affected pyOpenSSL versions across your application portfolio
Monitoring Recommendations
- Enable comprehensive logging within TLS callback functions to capture all exception events with stack traces
- Monitor for unusual patterns of successful connections that bypass expected validation criteria
- Implement alerting for elevated exception rates in security-critical callback code paths
- Deploy application performance monitoring (APM) to track callback execution anomalies
How to Mitigate CVE-2026-27448
Immediate Actions Required
- Upgrade pyOpenSSL to version 26.0.0 or later to ensure exceptions in callbacks result in connection rejection
- Audit all set_tlsext_servername_callback implementations for proper exception handling with explicit try/except blocks
- Add comprehensive exception handling to all security-critical callback functions as a defense-in-depth measure
- Review connection logs for potential past exploitation attempts during the vulnerable period
Patch Information
The vulnerability is addressed in pyOpenSSL version 26.0.0. The fix ensures that unhandled exceptions in set_tlsext_servername_callback now invoke sys.excepthook for proper error reporting and return a fatal TLS alert to reject the connection. Organizations should upgrade to version 26.0.0 or later. For detailed patch information, see the GitHub Security Advisory GHSA-vp96-hxj8-p424.
Workarounds
- Wrap all callback logic in comprehensive try/except blocks that explicitly reject connections on any exception
- Implement a fail-secure pattern by returning an error status from the callback when exceptions occur
- Add logging within exception handlers to maintain visibility into callback failures
- Consider implementing additional validation layers outside the callback mechanism as redundant security controls
# Upgrade pyOpenSSL to patched version
pip install --upgrade pyOpenSSL>=26.0.0
# Verify installed version
pip show pyOpenSSL | grep Version
# For requirements.txt, update the dependency constraint
# pyOpenSSL>=26.0.0
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
