CVE-2026-39892

UNKNOWN 0.0

cryptography has a buffer overflow if non-contiguous buffers were passed to APIs

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

13th

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.

CWE	CWE-119
Vendor	pyca
Product	cryptography
Published	Apr 8, 2026
Last Updated	Apr 9, 2026

Stay Ahead of the Next One

Get instant alerts for pyca cryptography

Be the first to know when new unknown vulnerabilities affecting pyca cryptography are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pyca / cryptography

>= 45.0.0, < 46.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq openwall.com: http://www.openwall.com/lists/oss-security/2026/04/08/12