Vulnerability in Pyca Cryptography

CVE-2026-26007

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), loa…

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

Affected products

Pyca Cryptography — versions < 46.0.5

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2 (x_refsource_CONFIRM)
https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c (x_refsource_MISC)