CVE-2026-39892

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 08, 2026

Vendor unknown

Description

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.

References

https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq