oss-sec mailing list archives
PyCA cryptography 46.0.5 released with fix for CVE-2026-26007
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 10 Feb 2026 14:11:51 -0800
-------- Forwarded Message --------
Subject: [Python-announce] PyCA cryptography 46.0.5 released
Date: Tue, 10 Feb 2026 13:33:26 -0600
From: Paul Kehrer via Python-announce-list <python-announce-list () python org>
Reply-To: python-list () python org
To: cryptography-dev () python org, python-announce-list () python org
CC: Paul Kehrer <paul.l.kehrer () gmail com>

PyCA cryptography 46.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.8+, and PyPy3 3.11.

Changelog (https://cryptography.io/en/latest/changelog/#v46-0-5)

* An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007**
* Support for SECT binary elliptic curves is deprecated and will be removed in the next release.

-Paul Kehrer (reaperhulk)
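
An added example, not part of the announcement or of the PyCA project's code: a standard-library audit helper that reports whether a given cryptography version is at or above 46.0.5 and where Python source names one of the SECT binary curve classes from `cryptography.hazmat.primitives.asymmetric.ec`. The function names `has_fix` and `find_sect_usage` are hypothetical, and the sample source is constructed.

```python
import ast
import re

# SECT (binary-field) curve classes in cryptography.hazmat.primitives.asymmetric.ec
SECT_CURVES = {
    "SECT163K1", "SECT163R2", "SECT233K1", "SECT233R1", "SECT283K1",
    "SECT283R1", "SECT409K1", "SECT409R1", "SECT571K1", "SECT571R1",
}
FIXED_IN = (46, 0, 5)  # release named in the announcement


def has_fix(version: str) -> bool:
    """True if a cryptography version string is at or above 46.0.5."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups()) >= FIXED_IN


def find_sect_usage(source: str, filename: str = "<src>"):
    """Return sorted (line, curve) pairs where a SECT curve is named or imported."""
    hits = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Attribute) and node.attr in SECT_CURVES:
            hits.add((node.lineno, node.attr))      # e.g. ec.SECT163K1
        elif isinstance(node, ast.Name) and node.id in SECT_CURVES:
            hits.add((node.lineno, node.id))        # e.g. SECT283K1()
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                if alias.name in SECT_CURVES:
                    hits.add((node.lineno, alias.name))
    return sorted(hits)


# Constructed sample input, not taken from any real project.
SAMPLE = """\
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.ec import SECT283K1

key_a = ec.generate_private_key(ec.SECP256R1())
key_b = ec.generate_private_key(ec.SECT163K1())
key_c = ec.generate_private_key(SECT283K1())
"""

if __name__ == "__main__":
    for line, curve in find_sect_usage(SAMPLE):
        print(f"line {line}: {curve}")
    print("46.0.4 has fix:", has_fix("46.0.4"))
```

The scan only sees curves named in source; a key loaded from PEM or DER carries its curve in the encoded data and has to be checked after loading.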
