PT-2026-28785 — Unknown Python3-Cryptography+2

PT-2026-28785 · Unknown · Python3-Cryptography+2

Published

2026-03-16

Updated

2026-03-16

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions python-cryptography versions prior to 41.0.7-4ubuntu0.4

Description The python-cryptography package incorrectly handled subgroup validation for SECT curves. This could allow a remote attacker to perform a subgroup attack and potentially recover the least significant bits of private keys.

Recommendations Update python-cryptography-doc to version 41.0.7-4ubuntu0.4. Update python3-cryptography to version 41.0.7-4ubuntu0.4. Run sudo pro fix USN-8087-2 to fix the vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

USN-8087-2

Affected Products

Python-Cryptography

Python-Cryptography-Doc

Python3-Cryptography