PT-2026-7473 · Unknown+4 · Cryptography+4

Xlabaiteam · Published 2026-02-10 · Updated 2026-05-21 · CVE-2026-26007

CVSS v4.0: 8.2 High

Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

cryptography versions prior to 46.0.5

Description

The public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() functions do not validate that the provided public key point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to supply a public key point P from a small-order subgroup, potentially leading to security issues in signature verification (ECDSA) and shared key negotiation (ECDH). When using ECDH, the victim's private key modulo the small subgroup order may be leaked. For curves with a cofactor greater than 1, the least significant bits of the private key are revealed. Exploiting this issue with weak public keys in ECDSA enables signature forgery on the small subgroup. This issue only impacts SECT curves.

Recommendations

Upgrade to cryptography version 46.0.5 or later.
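
The subgroup check that the description says was missing, sketched as an added example (not code from the cryptography project or from this advisory). It assumes a toy binary curve over GF(2^5) with constructed parameters standing in for a SECT curve, and shows that an on-curve test alone accepts points carrying a small-order component, while the n·P = infinity test rejects them.

```python
# Toy binary curve y^2 + xy = x^3 + A*x^2 + B over GF(2^5); constructed, not a real SECT curve.
M, POLY, A, B = 5, 0b100101, 1, 1    # field polynomial x^5 + x^2 + 1
INF = None                           # point at infinity

def fmul(x, y):                      # product in GF(2^M), reduced modulo POLY
    r = 0
    while y:
        if y & 1:
            r ^= x
        x, y = x << 1, y >> 1
        if x >> M:
            x ^= POLY
    return r

def finv(x):                         # inverse of nonzero x by search (fine for a toy field)
    return next(z for z in range(1, 2**M) if fmul(x, z) == 1)

def on_curve(P):
    x, y = P
    return fmul(y, y) ^ fmul(x, y) == fmul(fmul(x, x), x ^ A) ^ B

def add(P, Q):
    if P is INF or Q is INF:
        return Q if P is INF else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 != y2 or x1 == 0):   # Q == -P, including an order-2 P
        return INF
    num, den = (fmul(x1, x1) ^ y1, x1) if P == Q else (y1 ^ y2, x1 ^ x2)
    lam = fmul(num, finv(den))
    x3 = fmul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return (x3, fmul(lam, x1 ^ x3) ^ x3 ^ y1)

def mul(k, P):                       # double-and-add
    R = INF
    while k:
        R = add(R, P) if k & 1 else R
        P, k = add(P, P), k >> 1
    return R

POINTS = [(x, y) for x in range(2**M) for y in range(2**M) if on_curve((x, y))]
N = len(POINTS) + 1                  # full group order, counting INF
H, n = N & -N, N // (N & -N)         # cofactor and order of the subgroup honest keys use

def validate_public_point(P):
    """Accept only finite curve points that lie in the order-n subgroup."""
    return P is not INF and on_curve(P) and mul(n, P) is INF

T = (0, 1)                                        # constructed: order-2 point, y = sqrt(B)
G = next(mul(H, Q) for Q in POINTS if Q[0] != 0)  # cofactor-cleared, so n*G is INF
MIXED = add(G, T)                                 # on the curve but outside the subgroup
```

Every binary curve of this form has the order-2 point (0, sqrt(B)), so its cofactor is always even; that is why a loader for such curves needs the final `mul(n, P)` test and not only the curve equation.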

Exploit

Fix

DoS

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

ALSA-2026:12176
AZL-77447
AZL-77454
CVE-2026-26007
ECHO-9290-B93D-4581
GHSA-R6PH-V2QM-Q3C2
OESA-2026-1669
OESA-2026-1670
OESA-2026-1671
OESA-2026-1672
OPENSUSE-SU-2026:10205-1
OPENSUSE-SU-2026:10539-1
OPENSUSE-SU-2026:20506-1
RHSA-2026:12176
RHSA-2026:13512
RHSA-2026:13672
RHSA-2026:7295
SUSE-SU-2026:20655-1
SUSE-SU-2026:20706-1
SUSE-SU-2026:21021-1
SUSE-SU-2026:21165-1
USN-8087-1
USN-8087-3

Affected Products

Linuxmint
Rocky Linux
Sect
Ubuntu
Cryptography