Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/cryptography@42.0.4
Typepypi
Namespace
Namecryptography
Version42.0.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version46.0.5
Latest_non_vulnerable_version46.0.7
Affected_by_vulnerabilities
0
url VCID-f44c-ygbw-bufn
vulnerability_id VCID-f44c-ygbw-bufn
summary 
cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
## Vulnerability Summary

The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.

This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup.  This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH,  this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key.  When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup.

Only SECT curves are impacted by this.

## Credit

This vulnerability was discovered by:
- XlabAI Team of Tencent Xuanwu Lab
- Atuin Automated Vulnerability Discovery Engine
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00691
published_at 2026-04-13T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00708
published_at 2026-04-07T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00707
published_at 2026-04-08T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00697
published_at 2026-04-11T12:55:00Z
4
value 9e-05
scoring_system epss
scoring_elements 0.00944
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
6
reference_url https://github.com/pyca/cryptography/releases/tag/46.0.5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/releases/tag/46.0.5
7
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
9
reference_url http://www.openwall.com/lists/oss-security/2026/02/10/4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/10/4
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
reference_id 1127926
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
reference_id 2438762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
12
reference_url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
reference_id GHSA-r6ph-v2qm-q3c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
15
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
16
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
17
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
18
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
19
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
20
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
21
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
22
reference_url https://usn.ubuntu.com/8087-1/
reference_id USN-8087-1
reference_type
scores
url https://usn.ubuntu.com/8087-1/
fixed_packages
0
url pkg:pypi/cryptography@46.0.5
purl pkg:pypi/cryptography@46.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.5
aliases CVE-2026-26007, GHSA-r6ph-v2qm-q3c2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f44c-ygbw-bufn
1
url VCID-gqj1-zam7-c3bv
vulnerability_id VCID-gqj1-zam7-c3bv
summary 
Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12797
reference_id
reference_type
scores
0
value 0.00773
scoring_system epss
scoring_elements 0.7357
published_at 2026-04-13T12:55:00Z
1
value 0.00773
scoring_system epss
scoring_elements 0.73578
published_at 2026-04-12T12:55:00Z
2
value 0.00773
scoring_system epss
scoring_elements 0.73528
published_at 2026-04-02T12:55:00Z
3
value 0.00773
scoring_system epss
scoring_elements 0.73595
published_at 2026-04-11T12:55:00Z
4
value 0.00773
scoring_system epss
scoring_elements 0.73572
published_at 2026-04-09T12:55:00Z
5
value 0.00773
scoring_system epss
scoring_elements 0.73559
published_at 2026-04-08T12:55:00Z
6
value 0.00773
scoring_system epss
scoring_elements 0.73523
published_at 2026-04-07T12:55:00Z
7
value 0.00773
scoring_system epss
scoring_elements 0.73551
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12797
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/
url https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
4
reference_url https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/
url https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
5
reference_url https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/
url https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
6
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
7
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12797
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12797
9
reference_url https://openssl-library.org/news/secadv/20250211.txt
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/
url https://openssl-library.org/news/secadv/20250211.txt
10
reference_url http://www.openwall.com/lists/oss-security/2025/02/11/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/02/11/3
11
reference_url http://www.openwall.com/lists/oss-security/2025/02/11/4
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/02/11/4
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095765
reference_id 1095765
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095765
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2342757
reference_id 2342757
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2342757
14
reference_url https://github.com/advisories/GHSA-79v4-65xg-pq4g
reference_id GHSA-79v4-65xg-pq4g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-79v4-65xg-pq4g
15
reference_url https://access.redhat.com/errata/RHSA-2025:1330
reference_id RHSA-2025:1330
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1330
16
reference_url https://access.redhat.com/errata/RHSA-2025:1487
reference_id RHSA-2025:1487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1487
17
reference_url https://access.redhat.com/errata/RHSA-2025:1925
reference_id RHSA-2025:1925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1925
18
reference_url https://access.redhat.com/errata/RHSA-2025:1985
reference_id RHSA-2025:1985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1985
19
reference_url https://access.redhat.com/errata/RHSA-2025:2754
reference_id RHSA-2025:2754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2754
20
reference_url https://access.redhat.com/errata/RHSA-2025:4005
reference_id RHSA-2025:4005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4005
21
reference_url https://access.redhat.com/errata/RHSA-2025:9895
reference_id RHSA-2025:9895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9895
22
reference_url https://usn.ubuntu.com/7264-1/
reference_id USN-7264-1
reference_type
scores
url https://usn.ubuntu.com/7264-1/
fixed_packages
0
url pkg:pypi/cryptography@44.0.1
purl pkg:pypi/cryptography@44.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f44c-ygbw-bufn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@44.0.1
aliases CVE-2024-12797, GHSA-79v4-65xg-pq4g
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqj1-zam7-c3bv
2
url VCID-p5vx-kq3j-b3ds
vulnerability_id VCID-p5vx-kq3j-b3ds
summary 
pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
references
0
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
1
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27
2
reference_url https://openssl-library.org/news/secadv/20240903.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://openssl-library.org/news/secadv/20240903.txt
3
reference_url https://github.com/advisories/GHSA-h4gh-qq45-vh27
reference_id GHSA-h4gh-qq45-vh27
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4gh-qq45-vh27
fixed_packages
0
url pkg:pypi/cryptography@43.0.1
purl pkg:pypi/cryptography@43.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f44c-ygbw-bufn
1
vulnerability VCID-gqj1-zam7-c3bv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@43.0.1
aliases GHSA-h4gh-qq45-vh27
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5vx-kq3j-b3ds
Fixing_vulnerabilities
0
url VCID-g772-pn9e-7ufv
vulnerability_id VCID-g772-pn9e-7ufv
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26130
reference_id
reference_type
scores
0
value 0.00425
scoring_system epss
scoring_elements 0.62262
published_at 2026-04-12T12:55:00Z
1
value 0.00425
scoring_system epss
scoring_elements 0.62273
published_at 2026-04-11T12:55:00Z
2
value 0.00425
scoring_system epss
scoring_elements 0.62241
published_at 2026-04-13T12:55:00Z
3
value 0.00462
scoring_system epss
scoring_elements 0.64251
published_at 2026-04-09T12:55:00Z
4
value 0.00462
scoring_system epss
scoring_elements 0.64235
published_at 2026-04-08T12:55:00Z
5
value 0.00462
scoring_system epss
scoring_elements 0.64197
published_at 2026-04-02T12:55:00Z
6
value 0.00462
scoring_system epss
scoring_elements 0.64225
published_at 2026-04-04T12:55:00Z
7
value 0.00462
scoring_system epss
scoring_elements 0.64185
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26130
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
4
reference_url https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/
url https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
5
reference_url https://github.com/pyca/cryptography/pull/10423
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/
url https://github.com/pyca/cryptography/pull/10423
6
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26130
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778
reference_id 1064778
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2269617
reference_id 2269617
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2269617
11
reference_url https://github.com/advisories/GHSA-6vqw-3v5j-54x4
reference_id GHSA-6vqw-3v5j-54x4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vqw-3v5j-54x4
12
reference_url https://security.gentoo.org/glsa/202407-06
reference_id GLSA-202407-06
reference_type
scores
url https://security.gentoo.org/glsa/202407-06
13
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
14
reference_url https://access.redhat.com/errata/RHSA-2024:7987
reference_id RHSA-2024:7987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7987
15
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
16
reference_url https://access.redhat.com/errata/RHSA-2025:15608
reference_id RHSA-2025:15608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15608
17
reference_url https://usn.ubuntu.com/6673-1/
reference_id USN-6673-1
reference_type
scores
url https://usn.ubuntu.com/6673-1/
18
reference_url https://usn.ubuntu.com/6673-3/
reference_id USN-6673-3
reference_type
scores
url https://usn.ubuntu.com/6673-3/
fixed_packages
0
url pkg:pypi/cryptography@42.0.4
purl pkg:pypi/cryptography@42.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f44c-ygbw-bufn
1
vulnerability VCID-gqj1-zam7-c3bv
2
vulnerability VCID-p5vx-kq3j-b3ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.4
aliases CVE-2024-26130, GHSA-6vqw-3v5j-54x4, PYSEC-2024-225
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g772-pn9e-7ufv
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.4