{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"python-cryptography security update", "category":"general", "title":"Synopsis" }, { "text":"An update for python-cryptography is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.\n\nSecurity Fix(es):\n\nThis vulnerability exists in the pyca cryptography library due to missing subgroup validation for SECT curves. An attacker could exploit this to perform subgroup attacks, potentially leading to security bypass.(CVE-2026-26007)", "category":"general", "title":"Description" }, { "text":"An update for python-cryptography is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"python-cryptography", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1670", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1670" }, { "summary":"CVE-2026-26007", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26007&packageName=python-cryptography" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26007" }, { "summary":"openEuler-SA-2026-1670 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1670.json" } ], "title":"An update for python-cryptography is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2026-03-20T22:25:46+08:00", "revision_history":[ { "date":"2026-03-20T22:25:46+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-20T22:25:46+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-20T22:25:46+08:00", "id":"openEuler-SA-2026-1670", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python-cryptography-42.0.2-9.oe2403sp1.src.rpm", "name":"python-cryptography-42.0.2-9.oe2403sp1.src.rpm" }, "name":"python-cryptography-42.0.2-9.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.aarch64.rpm", "name":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.aarch64.rpm" }, "name":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.aarch64.rpm", "name":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.aarch64.rpm" }, "name":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-cryptography-42.0.2-9.oe2403sp1.aarch64.rpm", "name":"python3-cryptography-42.0.2-9.oe2403sp1.aarch64.rpm" }, "name":"python3-cryptography-42.0.2-9.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.x86_64.rpm", "name":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.x86_64.rpm" }, "name":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.x86_64.rpm", "name":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.x86_64.rpm" }, "name":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-cryptography-42.0.2-9.oe2403sp1.x86_64.rpm", "name":"python3-cryptography-42.0.2-9.oe2403sp1.x86_64.rpm" }, "name":"python3-cryptography-42.0.2-9.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python-cryptography-help-42.0.2-9.oe2403sp1.noarch.rpm", "name":"python-cryptography-help-42.0.2-9.oe2403sp1.noarch.rpm" }, "name":"python-cryptography-help-42.0.2-9.oe2403sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python-cryptography-42.0.2-9.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python-cryptography-42.0.2-9.oe2403sp1.src", "name":"python-cryptography-42.0.2-9.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python-cryptography-debuginfo-42.0.2-9.oe2403sp1.aarch64", "name":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python-cryptography-debugsource-42.0.2-9.oe2403sp1.aarch64", "name":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-cryptography-42.0.2-9.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-cryptography-42.0.2-9.oe2403sp1.aarch64", "name":"python3-cryptography-42.0.2-9.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python-cryptography-debuginfo-42.0.2-9.oe2403sp1.x86_64", "name":"python-cryptography-debuginfo-42.0.2-9.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python-cryptography-debugsource-42.0.2-9.oe2403sp1.x86_64", "name":"python-cryptography-debugsource-42.0.2-9.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-cryptography-42.0.2-9.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-cryptography-42.0.2-9.oe2403sp1.x86_64", "name":"python3-cryptography-42.0.2-9.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python-cryptography-help-42.0.2-9.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python-cryptography-help-42.0.2-9.oe2403sp1.noarch", "name":"python-cryptography-help-42.0.2-9.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-26007", "notes":[ { "text":"This vulnerability exists in the pyca cryptography library due to missing subgroup validation for SECT curves. An attacker could exploit this to perform subgroup attacks, potentially leading to security bypass.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:python-cryptography-42.0.2-9.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python-cryptography-debuginfo-42.0.2-9.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python-cryptography-debugsource-42.0.2-9.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-cryptography-42.0.2-9.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python-cryptography-debuginfo-42.0.2-9.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python-cryptography-debugsource-42.0.2-9.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-cryptography-42.0.2-9.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python-cryptography-help-42.0.2-9.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"python-cryptography security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1670" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.2, "vectorString":"CVSS:3.1/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-26007" } ] }