cryptography before 46.0.5: Missing subgroup validation in public key imports
CVE-2026-26007 Published on February 10, 2026

cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.

Github Repository NVD

Vulnerability Analysis

CVE-2026-26007 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Types

Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.


Products Associated with CVE-2026-26007

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-26007 are published in these products:

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Affected Versions

pyca cryptography: Red Hat Ansible Automation Platform 2.5 for RHEL 8: Red Hat Ansible Automation Platform 2.5 for RHEL 9: Red Hat Enterprise Linux AppStream (v. 8): Red Hat Enterprise Linux AppStream E4S (v.9.2): Red Hat Enterprise Linux AppStream EUS (v.9.4): Red Hat Enterprise Linux AppStream EUS (v.9.6): Red Hat Enterprise Linux AppStream (v. 9): Red Hat Enterprise Linux HighAvailability (v. 8): Red Hat Enterprise Linux High Availability E4S (v.9.2): Red Hat Enterprise Linux High Availability EUS (v.9.4): Red Hat Ansible Automation Platform 2.5: Red Hat Ansible Automation Platform 2.6: Red Hat Discovery 2: Red Hat Hardened Images: Red Hat OpenShift AI 2.25: Red Hat Quay 3.10: Red Hat Quay 3.15: Red Hat Quay 3.16: Red Hat Quay 3.9: Red Hat Satellite 6.18: Red Hat Enterprise Linux ResilientStorage (v. 8): Red Hat Enterprise Linux Resilient Storage E4S (v.9.2): Red Hat Enterprise Linux Resilient Storage EUS (v.9.4): Red Hat OpenShift Lightspeed: Red Hat Ansible Automation Platform 2: Red Hat OpenShift AI (RHOAI): Red Hat Satellite 6: Red Hat Trusted Artifact Signer: Red Hat Advanced Cluster Management for Kubernetes 2: Red Hat Ansible Automation Platform Ansible Core 2: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9:

Vulnerable Packages

The following package name and versions may be associated with CVE-2026-26007

Package Manager Vulnerable Package Versions Fixed In
pip cryptography <= 46.0.4 46.0.5

Exploit Probability

EPSS
0.23%
Percentile
13.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.