CVE-2026-26007 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-26007 Interim 1 1 2026-03-05T00:15:35Z current 2026-03-05T00:15:35Z 2026-03-05T00:15:35Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-26007 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Server for SAP applications 16.0 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP4 openSUSE Leap 15.6 openSUSE Tumbleweed python-cryptography python2-cryptography python3-cryptography python311-cryptography python311-cryptography-46.0.5-1.1 python312-cryptography-46.0.5-1.1 python313-cryptography python313-cryptography-46.0.5-1.1 python311-cryptography-46.0.5-1.1 as a component of openSUSE Tumbleweed python312-cryptography-46.0.5-1.1 as a component of openSUSE Tumbleweed python313-cryptography-46.0.5-1.1 as a component of openSUSE Tumbleweed python311-cryptography as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS python-cryptography as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS python311-cryptography as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS python-cryptography as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS python3-cryptography as a component of SUSE Linux Enterprise Micro 5.2 python-cryptography as a component of SUSE Linux Enterprise Micro 5.2 python311-cryptography as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4 python-cryptography as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4 python311-cryptography as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 python-cryptography as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 python-cryptography as a component of SUSE Linux Enterprise Server 12 SP2-LTSS python3-cryptography as a component of SUSE Linux Enterprise Server 12 SP2-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 12 SP4-LTSS python3-cryptography as a component of SUSE Linux Enterprise Server 12 SP4-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python3-cryptography as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security python2-cryptography as a component of SUSE Linux Enterprise Server 15 SP1-LTSS python3-cryptography as a component of SUSE Linux Enterprise Server 15 SP1-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 15 SP1-LTSS python2-cryptography as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-cryptography as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-cryptography as a component of SUSE Linux Enterprise Server 15 SP3-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 15 SP3-LTSS python311-cryptography as a component of SUSE Linux Enterprise Server 15 SP4-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 15 SP4-LTSS python311-cryptography as a component of SUSE Linux Enterprise Server 15 SP5-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 15 SP5-LTSS python311-cryptography as a component of SUSE Linux Enterprise Server 15 SP6-LTSS python-cryptography as a component of SUSE Linux Enterprise Server 15 SP6-LTSS python313-cryptography as a component of SUSE Linux Enterprise Server 16.0 python-cryptography as a component of SUSE Linux Enterprise Server 16.0 python-cryptography as a component of SUSE Linux Enterprise Server Teradata 12 SP3 python-cryptography as a component of SUSE Linux Enterprise Server Teradata 15 SP4 python311-cryptography as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 python-cryptography as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 python311-cryptography as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 python-cryptography as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 python311-cryptography as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 python-cryptography as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 python313-cryptography as a component of SUSE Linux Enterprise Server for SAP applications 16.0 python-cryptography as a component of SUSE Linux Enterprise Server for SAP applications 16.0 python311-cryptography as a component of SUSE Linux Micro 6.0 python-cryptography as a component of SUSE Linux Micro 6.0 python311-cryptography as a component of SUSE Linux Micro 6.1 python-cryptography as a component of SUSE Linux Micro 6.1 python311-cryptography as a component of openSUSE Leap 15.6 python-cryptography as a component of openSUSE Leap 15.6 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5. CVE-2026-26007 openSUSE Tumbleweed:python311-cryptography-46.0.5-1.1 openSUSE Tumbleweed:python312-cryptography-46.0.5-1.1 openSUSE Tumbleweed:python313-cryptography-46.0.5-1.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python-cryptography SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-cryptography SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python-cryptography SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-cryptography SUSE Linux Enterprise Micro 5.2:python-cryptography SUSE Linux Enterprise Micro 5.2:python3-cryptography SUSE Linux Enterprise Module for Public Cloud 15 SP4:python-cryptography SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-cryptography SUSE Linux Enterprise Module for Python 3 15 SP7:python-cryptography SUSE Linux Enterprise Module for Python 3 15 SP7:python311-cryptography SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography SUSE Linux Enterprise Server 12 SP4-LTSS:python-cryptography SUSE Linux Enterprise Server 12 SP4-LTSS:python3-cryptography SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:python-cryptography SUSE Linux Enterprise Server 12 SP5-LTSS:python-cryptography SUSE Linux Enterprise Server 12 SP5-LTSS:python3-cryptography SUSE Linux Enterprise Server 15 SP1-LTSS:python-cryptography SUSE Linux Enterprise Server 15 SP1-LTSS:python2-cryptography SUSE Linux Enterprise Server 15 SP1-LTSS:python3-cryptography SUSE Linux Enterprise Server 15 SP2-LTSS:python-cryptography SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography SUSE Linux Enterprise Server 15 SP3-LTSS:python-cryptography SUSE Linux Enterprise Server 15 SP3-LTSS:python3-cryptography SUSE Linux Enterprise Server 15 SP4-LTSS:python-cryptography SUSE Linux Enterprise Server 15 SP4-LTSS:python311-cryptography SUSE Linux Enterprise Server 15 SP5-LTSS:python-cryptography SUSE Linux Enterprise Server 15 SP5-LTSS:python311-cryptography SUSE Linux Enterprise Server 15 SP6-LTSS:python-cryptography SUSE Linux Enterprise Server 15 SP6-LTSS:python311-cryptography SUSE Linux Enterprise Server Teradata 12 SP3:python-cryptography SUSE Linux Enterprise Server Teradata 15 SP4:python-cryptography SUSE Linux Enterprise Server for SAP Applications 15 SP4:python-cryptography SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-cryptography SUSE Linux Enterprise Server for SAP Applications 15 SP5:python-cryptography SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-cryptography SUSE Linux Enterprise Server for SAP Applications 15 SP6:python-cryptography SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-cryptography openSUSE Leap 15.6:python-cryptography openSUSE Leap 15.6:python311-cryptography moderate 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N