CVE-2026-27459

ADVISORY - github

Summary

If a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer.

Cookie values that are too long are now rejected.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-120⁠

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Impacted images

Advisories

GitHub

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY IDGHSA-5pwr-322w-8jr4⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-120⁠

CVSS SCORE

7.2high