Subgroup Attack

🗓️ 21 Feb 2026 05:07:14Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 3 Views

Subgroup attack caused by unvalidated public keys in the prime-order subgroup, affecting elliptic curve signatures and key exchange.

Reporter	Title	Published	Views	Family All 147
IBM Security Bulletins	Security Bulletin: IBM Edge Data Collector uses cryptography-44.0.1-cp39-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007.	16 Apr 202607:34	–	ibm
IBM Security Bulletins	Security Bulletin: cryptography Missing Subgroup Validation in EC Public Keys Enables ECDH Key Leakage and ECDSA Forgery	4 May 202612:20	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-26007)	6 Apr 202610:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography [CVE-2026-26007]	14 Apr 202615:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.	30 Apr 202612:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007	5 May 202608:37	–	ibm
IBM Security Bulletins	Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively	30 Mar 202615:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3 which is vulnerable to CVE-2026-26007	27 Mar 202608:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities	16 Apr 202613:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - Insufficient Verification in cryptography package	15 Apr 202606:14	–	ibm

Vulners

Node

py3-cryptography py3-cryptographyMatch46.0.2-r0python

AND

py3-cryptography py3-cryptographyMatch46.0.3-r0python

AND

alpinelinux alpine_linuxMatch3.23

py3-cryptography py3-cryptographyMatch40.0.1-r0python

AND

py3-cryptography py3-cryptographyMatch42.0.8-r0python

AND

py3-cryptography py3-cryptographyMatch3.4.8-r0python

AND

py3-cryptography py3-cryptographyMatch39.0.1-r0python

AND

py3-cryptography py3-cryptographyMatch2.9.2-r0python

AND

py3-cryptography py3-cryptographyMatch41.0.2-r2python

AND

py3-cryptography py3-cryptographyMatch39.0.2-r0python

AND

py3-cryptography py3-cryptographyMatch42.0.5-r0python

AND

py3-cryptography py3-cryptographyMatch46.0.3-r0python

AND

py3-cryptography py3-cryptographyMatch37.0.4-r2python

AND

py3-cryptography py3-cryptographyMatch43.0.1-r0python

AND

py3-cryptography py3-cryptographyMatch43.0.3-r0python

AND

py3-cryptography py3-cryptographyMatch2.9-r0python

AND

py3-cryptography py3-cryptographyMatch44.0.2-r0python

AND

py3-cryptography py3-cryptographyMatch41.0.4-r0python

AND

py3-cryptography py3-cryptographyMatch38.0.4-r0python

AND

py3-cryptography py3-cryptographyMatch39.0.0-r0python

AND

py3-cryptography py3-cryptographyMatch3.3.2-r3python

AND

py3-cryptography py3-cryptographyMatch43.0.0-r0python

AND

py3-cryptography py3-cryptographyMatch3.3.2-r1python

AND

py3-cryptography py3-cryptographyMatch3.4.8-r1python

AND

py3-cryptography py3-cryptographyMatch3.3.2-r2python

AND

py3-cryptography py3-cryptographyMatch40.0.2-r1python

AND

py3-cryptography py3-cryptographyMatch3.3.2-r4python

AND

py3-cryptography py3-cryptographyMatch38.0.2-r0python

AND

py3-cryptography py3-cryptographyMatch41.0.3-r0python

AND

py3-cryptography py3-cryptographyMatch41.0.2-r0python

AND

py3-cryptography py3-cryptographyMatch2.8-r1python

AND

py3-cryptography py3-cryptographyMatch46.0.2-r0python

AND

py3-cryptography py3-cryptographyMatch3.3.2-r0python

AND

py3-cryptography py3-cryptographyMatch37.0.4-r0python

AND

py3-cryptography py3-cryptographyMatch42.0.7-r0python

AND

py3-cryptography py3-cryptographyMatch44.0.0-r0python

AND

py3-cryptography py3-cryptographyMatch41.0.1-r0python

AND

py3-cryptography py3-cryptographyMatch44.0.3-r0python

AND

py3-cryptography py3-cryptographyMatch41.0.7-r0python

AND

py3-cryptography py3-cryptographyMatch41.0.5-r0python

AND

py3-cryptography py3-cryptographyMatch38.0.3-r0python

AND

py3-cryptography py3-cryptographyMatch44.0.1-r0python

AND

py3-cryptography py3-cryptographyMatch42.0.5-r1python

AND

alpinelinux alpine_linuxMatchedge

cryptography cryptographyRange0.5–46.0.4python

cryptography cryptographyMatch0.1python

cryptography cryptographyMatch0.2python

cryptography cryptographyMatch0.2.1python

cryptography cryptographyMatch0.2.2python

cryptography cryptographyMatch0.3python

cryptography cryptographyMatch0.4python

cryptography cryptographyMatch0.5python

cryptography cryptographyMatch0.5.1python

cryptography cryptographyMatch0.5.2python

cryptography cryptographyMatch0.5.3python

cryptography cryptographyMatch0.5.4python

cryptography cryptographyMatch0.6python

cryptography cryptographyMatch0.6.1python

cryptography cryptographyMatch0.7python

cryptography cryptographyMatch0.7.1python

cryptography cryptographyMatch0.7.2python

cryptography cryptographyMatch0.8python

cryptography cryptographyMatch0.8.1python

cryptography cryptographyMatch0.8.2python

cryptography cryptographyMatch0.9python

cryptography cryptographyMatch0.9.1python

cryptography cryptographyMatch0.9.2python

cryptography cryptographyMatch0.9.3python

cryptography cryptographyMatch1.0python

cryptography cryptographyMatch1.0.1python

cryptography cryptographyMatch1.0.2python

cryptography cryptographyMatch1.1python

cryptography cryptographyMatch1.1.1python

cryptography cryptographyMatch1.1.2python

cryptography cryptographyMatch1.2python

cryptography cryptographyMatch1.2.1python

cryptography cryptographyMatch1.2.2python

cryptography cryptographyMatch1.2.3python

cryptography cryptographyMatch1.3python

cryptography cryptographyMatch1.3.1python

cryptography cryptographyMatch1.3.2python

cryptography cryptographyMatch1.3.3python

cryptography cryptographyMatch1.3.4python

cryptography cryptographyMatch1.4python

cryptography cryptographyMatch1.5python

cryptography cryptographyMatch1.5.1python

cryptography cryptographyMatch1.5.2python

cryptography cryptographyMatch1.5.3python

cryptography cryptographyMatch1.6python

cryptography cryptographyMatch1.7python

cryptography cryptographyMatch1.7.1python

cryptography cryptographyMatch1.7.2python

cryptography cryptographyMatch1.8python

cryptography cryptographyMatch1.8.1python

cryptography cryptographyMatch1.8.2python

cryptography cryptographyMatch1.9python

cryptography cryptographyMatch2.0python

cryptography cryptographyMatch2.0.1python

cryptography cryptographyMatch2.0.2python

cryptography cryptographyMatch2.0.3python

cryptography cryptographyMatch2.1python

cryptography cryptographyMatch2.1.1python

cryptography cryptographyMatch2.1.2python

cryptography cryptographyMatch2.1.3python

cryptography cryptographyMatch2.1.4python

cryptography cryptographyMatch2.2python

cryptography cryptographyMatch2.2.1python

cryptography cryptographyMatch2.2.2python

cryptography cryptographyMatch2.3python

cryptography cryptographyMatch2.3.1python

cryptography cryptographyMatch2.4python

cryptography cryptographyMatch2.4.1python

cryptography cryptographyMatch2.4.2python

cryptography cryptographyMatch2.5python

cryptography cryptographyMatch2.6python

cryptography cryptographyMatch2.6.1python

cryptography cryptographyMatch2.7python

cryptography cryptographyMatch2.8python

cryptography cryptographyMatch2.9python

cryptography cryptographyMatch2.9.1python

cryptography cryptographyMatch2.9.2python

cryptography cryptographyMatch3.0python

cryptography cryptographyMatch3.1python

cryptography cryptographyMatch3.1.1python

cryptography cryptographyMatch3.2python

cryptography cryptographyMatch3.2.1python

cryptography cryptographyMatch3.3python

cryptography cryptographyMatch3.3.1python

cryptography cryptographyMatch3.3.2python

cryptography cryptographyMatch3.4python

cryptography cryptographyMatch3.4.1python

cryptography cryptographyMatch3.4.2python

cryptography cryptographyMatch3.4.3python

cryptography cryptographyMatch3.4.4python

cryptography cryptographyMatch3.4.5python

cryptography cryptographyMatch3.4.6python

cryptography cryptographyMatch3.4.7python

cryptography cryptographyMatch3.4.8python

cryptography cryptographyMatch35.0.0python

cryptography cryptographyMatch36.0.0python

cryptography cryptographyMatch36.0.1python

cryptography cryptographyMatch36.0.2python

cryptography cryptographyMatch37.0.0python

cryptography cryptographyMatch37.0.1python

cryptography cryptographyMatch37.0.2python

cryptography cryptographyMatch37.0.3python

cryptography cryptographyMatch37.0.4python

cryptography cryptographyMatch38.0.0python

cryptography cryptographyMatch38.0.1python

cryptography cryptographyMatch38.0.2python

cryptography cryptographyMatch38.0.3python

cryptography cryptographyMatch38.0.4python

cryptography cryptographyMatch39.0.0python

cryptography cryptographyMatch39.0.1python

cryptography cryptographyMatch39.0.2python

cryptography cryptographyMatch40.0.0python

cryptography cryptographyMatch40.0.1python

cryptography cryptographyMatch40.0.2python

cryptography cryptographyMatch41.0.0python

cryptography cryptographyMatch41.0.1python

cryptography cryptographyMatch41.0.2python

cryptography cryptographyMatch41.0.3python

cryptography cryptographyMatch41.0.4python

cryptography cryptographyMatch41.0.5python

cryptography cryptographyMatch41.0.6python

cryptography cryptographyMatch41.0.7python

cryptography cryptographyMatch42.0.0python

cryptography cryptographyMatch42.0.1python

cryptography cryptographyMatch42.0.2python

cryptography cryptographyMatch42.0.3python

cryptography cryptographyMatch42.0.4python

cryptography cryptographyMatch42.0.5python

cryptography cryptographyMatch42.0.6python

cryptography cryptographyMatch42.0.7python

cryptography cryptographyMatch42.0.8python

cryptography cryptographyMatch43.0.0python

cryptography cryptographyMatch43.0.1python

cryptography cryptographyMatch43.0.3python

cryptography cryptographyMatch44.0.0python

cryptography cryptographyMatch44.0.1python

cryptography cryptographyMatch44.0.2python

cryptography cryptographyMatch44.0.3python

cryptography cryptographyMatch45.0.0python

cryptography cryptographyMatch45.0.1python

cryptography cryptographyMatch45.0.2python

cryptography cryptographyMatch45.0.3python

cryptography cryptographyMatch45.0.4python

cryptography cryptographyMatch45.0.5python

cryptography cryptographyMatch45.0.6python

cryptography cryptographyMatch45.0.7python

cryptography cryptographyMatch46.0.0python

cryptography cryptographyMatch46.0.1python

cryptography cryptographyMatch46.0.2python

cryptography cryptographyMatch46.0.3python

Source	Link
github	www.github.com/pyca/cryptography/releases/tag/46.0.5
github	www.github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
github	www.github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2

09 May 2026 05:38Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.16.5

CVSS 48.2

EPSS0.00009

SSVC