CNNVD-202602-1418 Information

Feb 10, 2026 cve

CNNVD ID

CNNVD-202602-1418

CVE-2026-26007

  • CNNVD Published: 2026-02-10

Description (Chinese)

cryptography是Python Cryptographic Authority开源的一个Python的加密库。 cryptography 46.0.5之前版本存在安全漏洞,该漏洞源于多个公钥相关函数未验证点是否属于曲线的预期素数阶子群,可能导致私钥信息泄露或签名伪造。

Description (English)

cryptography is an encryption library of Python Crystal Satellite Open Source. There was a security loophole in the previous version of cryptography 46.0.5, which stemmed from the fact that multiple public key-related functions did not verify whether points were part of the expected base number stratification of the curve, which could result in private key information being leaked or signed.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Python Cryptographic Authority

Published

2026-02-10

Last Modified

2026-02-24

References

https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2 http://www.openwall.com/lists/oss-security/2026/02/10/4 https://access.redhat.com/security/cve/cve-2026-26007

Patch

https://cryptography.io/en/latest/

Share on: