Cryptography

1 CVEs product

Monthly

CVE-2026-26007 MEDIUM PATCH This Month

Python's cryptography library prior to version 46.0.5 fails to validate that elliptic curve public key points belong to the expected prime-order subgroup, allowing attackers to supply crafted keys from small-order subgroups. This validation gap enables attackers to extract sensitive information about a victim's private key during ECDH key exchange or compromise ECDSA signature verification. Developers using affected key loading or generation functions should update to the patched version immediately.

Python Cryptography Redhat Suse
NVD GitHub VulDB
CVSS 3.1: 6.5
EPSS: 0.0%