CVE-2026-27448

ADVISORY - github

Summary

If a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it.

Unhandled exceptions now result in rejecting the connection.

Credit to Leury Castillo for reporting this issue.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-636⁠

Not Failing Securely ('Failing Open')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.