CVE Catalog

CVE-2026-39892

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.65%

47th percentile - higher than 47% of all known CVEs

Summary

A vulnerability in the cryptography library for Python allows buffer overflow when processing non-contiguous buffers passed to APIs such as Hash.update(). The issue affects versions from 45.0.0 to 46.0.6.

Risk Assessment

An attacker could exploit this vulnerability to execute code or cause application crashes, potentially leading to data confidentiality or integrity breaches.

Recommendation

Immediately update the cryptography library to version 46.0.7 or later.

Original NVD description (English source)

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS