Vulnerable Library - cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl
cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Library home page: https://files.pythonhosted.org/packages/8b/65/5bf43286d566f8171917cae23ac6add941654ccf085d739195a4eacf1674/cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/25/cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl
Found in HEAD commit: 57694b8db56faddb8d653045e7d54c8bd1b790df
Vulnerabilities
| Vulnerability | Severity | CVSS | Dependency | Type | Fixed in (cryptography version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-39892 | Medium | 5.3 | cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl | Direct | 46.0.7 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-39892
Dependency Hierarchy:
- ❌ cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Publish Date: 2026-04-08
URL: CVE-2026-39892
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: GHSA-p423-j2cm-9vmq
Release Date: 2026-04-08
Fix Resolution: 46.0.7