pyca cryptography up to 46.0.4 data authenticity

Summaryinfo

A vulnerability was found in pyca cryptography up to 46.0.4. It has been declared as problematic. Impacted is the function EllipticCurvePublicNumbers.public_key/EllipticCurvePublicNumbers.public_key/load_der_public_key/load_pem_public_key. The manipulation results in data authenticity. This vulnerability is reported as CVE-2026-26007. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in pyca cryptography up to 46.0.4. It has been classified as problematic. Affected is the function EllipticCurvePublicNumbers.public_key/EllipticCurvePublicNumbers.public_key/load_der_public_key/load_pem_public_key. The manipulation with an unknown input leads to a data authenticity vulnerability. CWE is classifying the issue as CWE-345. The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. This is going to have an impact on confidentiality. CVE summarizes:

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.

The advisory is shared for download at github.com. This vulnerability is traded as CVE-2026-26007 since 02/09/2026. The exploitability is told to be difficult. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 298585 (Linux Distros Unpatched Vulnerability : CVE-2026-26007), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 46.0.5 eliminates this vulnerability. Applying the patch 0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (298585) and CERT Bund (WID-SEC-2026-0935). Once again VulDB remains the best source for vulnerability data.

Affected

• Amazon Linux 2
• Red Hat Enterprise Linux
• SUSE Linux
• IBM App Connect Enterprise
• Red Hat Ansible Automation Platform

Productinfo

Vendor

• pyca

Name

• cryptography

Version

• 46.0.0
• 46.0.1
• 46.0.2
• 46.0.3
• 46.0.4

License

• open-source

Website

• Product: https://github.com/pyca/cryptography/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion