NVD CRITICAL: CVE-2026-39892 — cryptography is a package designed to expose cryptographic primitives and recipe...

Source: NIST NVD

Executive Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.

Analysis

CVSS Score: 9.8. Published: 2026-04-08T21:17:01.547.
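A defender's check for the condition this advisory describes, as an added example (not code from NVD or the cryptography project): it tests whether a version falls in the stated range, 45.0.0 to before 46.0.7, and detects a non-contiguous buffer with `memoryview.contiguous`. The helper names and the copy-to-bytes stopgap are assumptions of this example; the fix stated in the advisory is upgrading to 46.0.7.

```python
import re
from importlib import metadata

# Range stated in the advisory: from 45.0.0 up to, but not including, 46.0.7.
FIRST_AFFECTED = (45, 0, 0)
FIRST_FIXED = (46, 0, 7)


def parse_release(version: str) -> tuple:
    """Return the leading numeric release as a 3-tuple, e.g. '46.0.6' -> (46, 0, 6).

    Pre-release suffixes (rc1, .dev0) are ignored, so treat those builds with care.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '45' is read as 45.0.0
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the version lies in the advisory's affected range."""
    return FIRST_AFFECTED <= parse_release(version) < FIRST_FIXED


def installed_status() -> tuple:
    """Return (version, affected) for the installed package, or (None, False)."""
    try:
        version = metadata.version("cryptography")
    except metadata.PackageNotFoundError:
        return None, False
    return version, is_affected(version)


def as_contiguous(data):
    """Hypothetical stopgap: hand buffer-accepting APIs only contiguous memory.

    Contiguous input is returned unchanged; anything else (for example a
    strided memoryview slice) is copied into a new bytes object first.
    """
    view = memoryview(data)
    if view.contiguous:
        return data
    return view.tobytes()  # logical contents, laid out in one contiguous block


if __name__ == "__main__":
    version, affected = installed_status()
    verdict = "AFFECTED, upgrade to 46.0.7 or later" if affected else "not in affected range"
    print(f"cryptography {version}: {verdict}")
```

Run the script inside each virtual environment or container image that ships the package, since the result reflects only the interpreter that executes it.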

Indicators of Compromise (1)

CVE (1)
CVE-2026-39892

Source Attribution

Originally published by NIST NVD on Apr 8, 2026. Verified by: NIST.
