https://www.pyopenssl.org/en/latest/changelog.html lists among the changes in pyOpenSSL 26.0.0:
* Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459

* Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448

These are also listed at:
https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4
https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424
but with not much more detail provided.

--
        -Alan Coopersmith-                 [email protected]
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
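
Added example, not part of the message above and not pyOpenSSL's own code: application-side wrappers for the two callbacks named in the changelog, for deployments that cannot yet move to 26.0.0. The names bounded_cookie, FailClosedSNI and check are hypothetical, and 255 is assumed as the value of DTLS1_COOKIE_LENGTH.

```python
import sys

# Assumption: DTLS1_COOKIE_LENGTH as defined in current OpenSSL headers.
# Confirm the value for the OpenSSL build you link against.
DTLS1_COOKIE_LENGTH = 255


def bounded_cookie(generate, limit=DTLS1_COOKIE_LENGTH):
    """Wrap a DTLS cookie callback so an oversized cookie never leaves Python."""
    def wrapper(conn):
        cookie = generate(conn)
        if not isinstance(cookie, bytes) or not 0 < len(cookie) <= limit:
            raise ValueError(f"DTLS cookie must be 1..{limit} bytes")
        return cookie
    return wrapper


class FailClosedSNI:
    """Wrap a servername callback and remember which connections it failed on.

    Where the library swallows the exception, the handshake still completes,
    so the application calls check() afterwards and drops the session.
    """

    def __init__(self, callback):
        self._callback = callback
        self._failed = set()  # id() of connections whose callback raised

    def __call__(self, conn):
        try:
            self._callback(conn)
        except Exception:
            self._failed.add(id(conn))
            sys.excepthook(*sys.exc_info())  # report it instead of hiding it

    def check(self, conn):
        """Call right after the handshake returns; raises if the callback failed."""
        if id(conn) in self._failed:
            self._failed.discard(id(conn))
            raise ConnectionAbortedError("servername callback failed")
```

Pass the wrapped callables wherever the originals were registered, and call check() on each connection before any application data is read or written.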
