Is cryptography affected by CVE-2026-34073?

PyPI cryptography is affected in <46.0.6.

Is CVE-2026-34073 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

medium

CVE-2026-34073

Q: Is CVE-2026-34073 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

PyPI · cryptography

Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would

Severity: medium
EPSS: 0.2% (p5)
Also known as: GHSA-m959-cc7f-wv43, PYSEC-2026-35
Published: 2026-03-31

References

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43

Related advisories

CVE-2026-39892 — critical · PyPI/cryptography
GHSA-537c-gmf6-5ccf — high · PyPI/cryptography
CVE-2026-26007 — high · PyPI/cryptography

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.