pyOpenSSL Server Name Callback Exception Handling Vulnerability

Vulnerability

A vulnerability exists in pyOpenSSL versions from 0.14.0 up to, but not including, 26.0.0: an unhandled exception raised inside a user-provided callback registered with 'set_tlsext_servername_callback' could leave the connection accepted, bypassing any security-sensitive checks the callback was meant to enforce. This issue has been addressed in version 26.0.0, where such exceptions now cause the connection to be rejected.

Impact

This vulnerability could allow for the bypass of security-sensitive behaviors that rely on the server name callback, potentially leading to unauthorized actions or access.

Reproduction

To reproduce this vulnerability, set a server name callback using 'Context.set_tlsext_servername_callback' that raises an unhandled exception. Then, establish a connection. The callback's exception will not be properly handled, allowing the connection to proceed despite the error.

Remediation

Users can upgrade to pyOpenSSL version 26.0.0 or later, where this vulnerability has been fixed.
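For deployments that cannot upgrade immediately, the following added example (not pyOpenSSL's own code) shows a fail-closed guard around the callback described in the Reproduction section: it flags the connection when the callback raises, and the server refuses any flagged connection after the handshake. The marker attribute name, the `select_context` callback and the `FakeConnection` stand-in are assumptions constructed for this example; the real wiring is `ctx.set_tlsext_servername_callback(fail_closed(select_context(contexts)))`.

```python
# Added example (not pyOpenSSL's own code): fail-closed guard for an SNI callback.
import functools
import logging
log = logging.getLogger("sni-guard")
_REJECT_ATTR = "_sni_callback_failed"  # marker attribute name; an assumption of this example

def is_affected(version: str) -> bool:
    """True when a pyOpenSSL version string lies in the affected range [0.14.0, 26.0.0)."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return (0, 14, 0) <= parts < (26, 0, 0)

def fail_closed(callback):
    """Wrap a servername callback so an escaping exception flags the connection for refusal."""
    @functools.wraps(callback)
    def wrapper(conn):
        try:
            callback(conn)
        except Exception:
            log.exception("SNI callback raised; connection flagged for refusal")
            setattr(conn, _REJECT_ATTR, True)  # Connection is a plain Python object
    return wrapper

def select_context(contexts):
    """Typical security-sensitive callback: switch to the per-hostname Context.
    An unknown name raises KeyError, which affected versions do not treat as fatal."""
    def callback(conn):
        conn.set_context(contexts[conn.get_servername()])
    return callback

def serve(conn) -> bool:
    """Server side: complete the handshake, then refuse any flagged connection."""
    conn.do_handshake()
    if getattr(conn, _REJECT_ATTR, False):
        conn.shutdown()  # send close_notify; the caller then closes the socket
        return False
    return True

class FakeConnection:
    """Constructed stand-in for OpenSSL.SSL.Connection: invokes the registered
    callback inside do_handshake(), as OpenSSL does, so the guard runs offline."""
    def __init__(self, servername, callback):
        self._servername, self._callback = servername, callback
        self.context, self.shut_down = None, False
    def get_servername(self):
        return self._servername
    def set_context(self, ctx):
        self.context = ctx
    def do_handshake(self):
        self._callback(self)
    def shutdown(self):
        self.shut_down = True
```

On a fixed release (26.0.0 or later) the wrapper is harmless, since pyOpenSSL itself already rejects the connection when the callback raises.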

Added: Mar 18, 2026, 12:27 AM
Updated: Mar 18, 2026, 12:27 AM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 1.3
exploitability: 8.4
remediation: 7.7
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.