Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN146
_____________________________________________________________________

DATE                : 11/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PyCA cryptography versions
                                prior to 46.0.0.

=====================================================================
https://mail.python.org/archives/list/python-announce-list@python.org/thread/NZLSG66UJ3CV7Y5IQZH3P5FYT6YR6RUH/
_____________________________________________________________________


Paul Kehrer
10 février 2026 19:33

PyCA cryptography 46.0.0 has been released to PyPI. cryptography includes
both high level recipes and low level interfaces to common
cryptographic algorithms
such as symmetric ciphers, asymmetric algorithms, message digests, X.509,
key derivation functions, and much more. We support Python 3.8+, and PyPy3
3.11.

Changelog (https://cryptography.io/en/latest/changelog/#v46-0-5)
* An attacker could create a malicious public key that reveals portions of
your private key when using certain uncommon elliptic curves (binary
curves). This version now includes additional security checks to prevent
this attack. This issue only affects binary elliptic curves, which are
rarely used in real-world applications. Credit to **XlabAI Team of Tencent
Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for
reporting the issue. **CVE-2026-26007**
* Support for SECT binary elliptic curves is deprecated and will be removed
in the next release.

-Paul Kehrer (reaperhulk)

 
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================