PT-2026-31459 · Pypi · Cryptography

·

CVE-2026-39892

·

Published

2026-04-08

·

Updated

2026-07-10

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions cryptography versions 45.0.0 through 46.0.6
Description The cryptography package, designed for cryptographic primitives in Python, contains a flaw where non-contiguous buffers passed to APIs accepting Python buffers (e.g., Hash.update()) can lead to buffer overflows. This issue affects Python versions greater than 3.11.
Recommendations Update to cryptography version 46.0.7 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-CQ05396
CVE-2026-39892
ECHO-0A60-183D-A61B
GHSA-P423-J2CM-9VMQ
OPENSUSE-SU-2026:10535-1
PYSEC-2026-36
RHSA-2026:24761
RHSA-2026:24762
RHSA-2026:7295

Affected Products

Cryptography