Medium severity5.3NVD Advisory· Published Mar 31, 2026· Updated Apr 6, 2026
CVE-2026-34073
CVE-2026-34073
Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cryptographyPyPI | < 46.0.6 | 46.0.6 |
Affected products
72- osv-coords71 versionspkg:apk/chainguard/airflow-2pkg:apk/chainguard/airflow-3pkg:apk/chainguard/airflow-core-2pkg:apk/chainguard/airflow-core-3pkg:apk/chainguard/ansible-operatorpkg:apk/chainguard/ansible-operator-fipspkg:apk/chainguard/apache-beam-python-3.11-sdkpkg:apk/chainguard/apache-beam-python-3.12-sdkpkg:apk/chainguard/apache-beam-python-3.13-sdkpkg:apk/chainguard/awxpkg:apk/chainguard/dask-kubernetespkg:apk/chainguard/datadog-agent-7.71-core-integrationspkg:apk/chainguard/datadog-agent-7.72-core-integrationspkg:apk/chainguard/datadog-agent-7.74-core-integrationspkg:apk/chainguard/datadog-agent-7.75-core-integrationspkg:apk/chainguard/datadog-agent-7.76-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.71-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.72-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.73-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.74-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.75-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.76-core-integrationspkg:apk/chainguard/dbt-bigquerypkg:apk/chainguard/ggshieldpkg:apk/chainguard/gitlab-toolbox-ce-18.7pkg:apk/chainguard/gitlab-toolbox-ce-18.9pkg:apk/chainguard/gitlab-toolbox-ce-fips-18.9pkg:apk/chainguard/in-totopkg:apk/chainguard/jupyter-base-notebookpkg:apk/chainguard/k8s-sidecarpkg:apk/chainguard/kserve-storage-controllerpkg:apk/chainguard/kubeflow-jupyter-web-apppkg:apk/chainguard/kubeflow-volumes-web-apppkg:apk/chainguard/litellmpkg:apk/chainguard/localstackpkg:apk/chainguard/mitmproxypkg:apk/chainguard/myclipkg:apk/chainguard/nemopkg:apk/chainguard/opalpkg:apk/chainguard/pgadmin4pkg:apk/chainguard/pgadmin4-fipspkg:apk/chainguard/py3-cassandra-medusapkg:apk/chainguard/semgreppkg:apk/chainguard/synapsepkg:apk/chainguard/wazuh-manager-frameworkpkg:apk/wolfi/airflow-3pkg:apk/wolfi/ansible-operatorpkg:apk/wolfi/dask-kubernetespkg:apk/wolfi/datadog-agent-7.72-core-integrationspkg:apk/wolfi/datadog-agent-7.74-core-integrationspkg:apk/wolfi/datadog-agent-7.75-core-integrationspkg:apk/wolfi/datadog-agent-7.76-core-integrationspkg:apk/wolfi/ggshieldpkg:apk/wolfi/in-totopkg:apk/wolfi/jupyter-base-notebookpkg:apk/wolfi/k8s-sidecarpkg:apk/wolfi/kserve-storage-controllerpkg:apk/wolfi/kubeflow-jupyter-web-apppkg:apk/wolfi/kubeflow-volumes-web-apppkg:apk/wolfi/mitmproxypkg:apk/wolfi/myclipkg:apk/wolfi/py3-cassandra-medusapkg:apk/wolfi/semgreppkg:pypi/cryptographypkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Micro%206.2
< 2.11.2-r5+ 70 more
- (no CPE)range: < 2.11.2-r5
- (no CPE)range: < 3.1.8-r10
- (no CPE)range: < 2.11.2-r3
- (no CPE)range: < 3.1.8-r3
- (no CPE)range: < 1.42.2-r1
- (no CPE)range: < 1.42.2-r1
- (no CPE)range: < 2.71.0-r8
- (no CPE)range: < 2.71.0-r2
- (no CPE)range: < 2.71.0-r2
- (no CPE)range: < 24.6.1-r42
- (no CPE)range: < 2026.3.0-r2
- (no CPE)range: < 7.71.2-r26
- (no CPE)range: < 7.72.4-r27
- (no CPE)range: < 7.74.1-r19
- (no CPE)range: < 7.75.4-r6
- (no CPE)range: < 7.76.3-r6
- (no CPE)range: < 7.71.2-r20
- (no CPE)range: < 7.72.4-r18
- (no CPE)range: < 7.73.3-r17
- (no CPE)range: < 7.74.1-r16
- (no CPE)range: < 7.75.4-r4
- (no CPE)range: < 7.76.3-r4
- (no CPE)range: < 1.10.3-r2
- (no CPE)range: < 1.51.0-r5
- (no CPE)range: < 18.7.6-r1
- (no CPE)range: < 18.9.3-r1
- (no CPE)range: < 18.9.3-r1
- (no CPE)range: < 3.0.0-r3
- (no CPE)range: < 7.5.5-r1
- (no CPE)range: < 2.5.1-r2
- (no CPE)range: < 0.16.0-r24
- (no CPE)range: < 1.10.0-r13
- (no CPE)range: < 1.10.0-r12
- (no CPE)range: < 1.82.3.0-r3
- (no CPE)range: < 4.14.0-r6
- (no CPE)range: < 12.2.1-r0
- (no CPE)range: < 1.67.1-r0
- (no CPE)range: < 2.7.3-r2
- (no CPE)range: < 0.9.4-r0
- (no CPE)range: < 9.13-r3
- (no CPE)range: < 9.13-r2
- (no CPE)range: < 0.27.0-r6
- (no CPE)range: < 1.157.0-r1
- (no CPE)range: < 1.151.0-r0
- (no CPE)range: < 4.14.4-r1
- (no CPE)range: < 3.1.8-r10
- (no CPE)range: < 1.42.2-r1
- (no CPE)range: < 2026.3.0-r2
- (no CPE)range: < 7.72.4-r27
- (no CPE)range: < 7.74.1-r19
- (no CPE)range: < 7.75.4-r6
- (no CPE)range: < 7.76.3-r6
- (no CPE)range: < 1.51.0-r5
- (no CPE)range: < 3.0.0-r3
- (no CPE)range: < 7.5.5-r1
- (no CPE)range: < 2.5.1-r2
- (no CPE)range: < 0.16.0-r24
- (no CPE)range: < 1.10.0-r13
- (no CPE)range: < 1.10.0-r12
- (no CPE)range: < 12.2.1-r0
- (no CPE)range: < 1.67.1-r0
- (no CPE)range: < 0.27.0-r6
- (no CPE)range: < 1.157.0-r1
- (no CPE)range: < 46.0.6
- (no CPE)range: < 44.0.3-160000.3.1
- (no CPE)range: < 46.0.6-1.1
- (no CPE)range: < 44.0.3-160000.3.1
- (no CPE)range: < 44.0.3-160000.3.1
- (no CPE)range: < 42.0.4-4.1
- (no CPE)range: < 42.0.4-slfo.1.1_4.1
- (no CPE)range: < 44.0.3-160000.3.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.