{"schema_version":"1.7.2","id":"OESA-2026-1732","modified":"2026-03-27T14:03:55Z","published":"2026-03-27T14:03:55Z","upstream":["CVE-2026-27448"],"summary":"pyOpenSSL security update","details":"pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library.\n\nSecurity Fix(es):\n\nA security vulnerability exists in the PyOpenSSL library's `set_tlsext_servername_callback` function. When a user-provided callback function raises an unhandled exception, the connection would still be accepted. If a user relies on this callback for any security-sensitive behavior (such as server name-based access control or certificate validation), this vulnerability could allow the security mechanism to be bypassed, potentially permitting unauthorized connections or access. (CVE-2026-27448)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"pyOpenSSL","purl":"pkg:rpm/openEuler/pyOpenSSL&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20.0.1-2.oe2003sp4"}]}],"ecosystem_specific":{"noarch":["pyOpenSSL-help-20.0.1-2.oe2003sp4.noarch.rpm","python2-pyOpenSSL-20.0.1-2.oe2003sp4.noarch.rpm","python3-pyOpenSSL-20.0.1-2.oe2003sp4.noarch.rpm"],"src":["pyOpenSSL-20.0.1-2.oe2003sp4.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1732"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27448"}],"database_specific":{"severity":"Low"}}
