CVE-2026-26007
Undergoing Analysis - In Progress
Elliptic Curve Subgroup Validation Flaw in cryptography Package

Publication date: 2026-02-10

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA, it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.
Meta Information
Published: 2026-02-10
Last Modified: 2026-02-23
Generated: 2026-06-16
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: cryptography.io
Product: cryptography
Version / Range: to 46.0.5 (exclusive)
CWE
CWE ID: CWE-345
Description: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Executive Summary

This vulnerability exists in versions of the cryptography package for Python prior to 46.0.5. Certain functions that handle elliptic curve public keys do not verify that the provided public key point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to supply a public key from a small-order subgroup.

As a result, when a victim uses these weak public keys in cryptographic operations like ECDSA signature verification or ECDH key negotiation, it can leak information about the victim's private key or allow signature forgery on the small subgroup. Specifically, for curves with cofactor greater than 1, this can reveal the least significant bits of the private key.

Only SECT curves are affected by this vulnerability, and it was fixed in version 46.0.5 of the cryptography package.

Impact Analysis

This vulnerability can lead to serious security issues including leakage of private key information and the ability to forge digital signatures.

  • In ECDH key negotiation, an attacker can learn information about the victim's private key modulo the small subgroup order, potentially exposing parts of the private key.
  • In ECDSA signature verification, an attacker can forge signatures on the small subgroup, compromising the integrity of digital signatures.

Overall, this can undermine the confidentiality and authenticity guarantees provided by cryptographic operations using the affected functions and curves.
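
The subgroup membership check whose absence is described above, as an added example that is not code from the cryptography project or its 46.0.5 fix. It assumes a constructed toy prime-field curve (y^2 = x^3 + x over GF(43), group order 44 = 4 * 11) standing in for a SECT curve with cofactor 4; all names and sample points are illustrative.

```python
# Toy curve constructed for illustration: y^2 = x^3 + x over GF(43).
# Group order is 44 = H * N, with prime subgroup order N = 11 and cofactor H = 4.
P_MOD, A, B = 43, 1, 0
N, H = 11, 4
INF = None  # point at infinity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add(p, q):
    """Affine point addition, including doubling and inverse pairs."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # p == -q, which also covers doubling a point with y == 0
    if p == q:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def validate_public_point(pt):
    """Accept pt only if it lies in the order-N subgroup."""
    if pt is INF:
        raise ValueError("point at infinity")
    x, y = pt
    if not (0 <= x < P_MOD and 0 <= y < P_MOD) or not on_curve(pt):
        raise ValueError("point is not on the curve")
    # The step the advisory reports as missing: [N]P must be the identity.
    # An on-curve check alone accepts points of order 2, 4 or 44 here.
    if mul(N, pt) is not INF:
        raise ValueError("point is outside the prime-order subgroup")
    return pt
```

On this toy curve (31, 18) has order 11 and is accepted, while (0, 0) (order 2), (42, 16) (order 4) and (2, 15) (order 44) are all on the curve and are rejected only by the final check.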

Mitigation Strategies

To mitigate this vulnerability, upgrade the cryptography package to version 46.0.5 or later, where the issue has been fixed.
