CVE- 2026-26007 is a high-severity flaw in the Python cryptography package, rated CVSS 8.2, which could enable attackers to recover private keys through a Subgroup Attack on Elliptic Curve Cryptography. The issue stems from how the library handles public keys, with functions such as load_pem_public_key() and public_key_from_numbers() not verifying that a key point truly belongs to the expected prime-order subgroup.
As a result, a malicious public key point drawn from a small-order subgroup can cause the victim’s system to perform calculations that leak data, notably affecting Elliptic Curve Diffie-Hellman exchanges. In certain curves with cofactors greater than one, this can reveal the least significant bits of the private key, potentially allowing full reconstruction with repeated attempts or in combination with other weaknesses.
The vulnerability also impacts ECDSA, making it easier to forge signatures on the small subgroup if weak keys are accepted. A fix has been released in version 46.0.5, and developers using cryptography for Python applications are urged to upgrade to ensure proper key validation.