
CVE-2026-26007: CWE-345: Insufficient Verification of Data Authenticity in pyca cryptography

Severity: High
Tags: Vulnerability, CVE-2026-26007, CWE-345
Published: Tue Feb 10 2026 (02/10/2026, 21:42:56 UTC)
Source: CVE Database V5
Vendor/Project: pyca
Product: cryptography

Description

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA, it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.

AI-Powered Analysis

AI analysis last updated: 02/18/2026, 09:48:11 UTC

Technical Analysis

The vulnerability identified as CVE-2026-26007 affects the pyca cryptography Python package, specifically versions before 46.0.5. The flaw is due to insufficient verification of data authenticity (CWE-345) in elliptic curve cryptographic functions: public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key(). These functions fail to verify that the provided elliptic curve point belongs to the expected prime-order subgroup, particularly impacting SECT (binary) curves with cofactor greater than one. An attacker can exploit this by supplying a public key point from a small-order subgroup. In ECDH key exchange, when the victim computes the shared secret S = [victim_private_key]P, the use of a small-order point leaks information about the victim's private key modulo the small subgroup order, revealing least significant bits of the private key. In ECDSA signature verification, this flaw allows forging signatures on the small subgroup, undermining signature integrity. The vulnerability does not require authentication or user interaction but does require the victim to process attacker-supplied public keys. The CVSS 4.0 score is 8.2 (high severity) with network attack vector, high complexity, and no privileges or user interaction needed. The vulnerability is fixed in pyca cryptography version 46.0.5 by adding proper subgroup membership validation. No known exploits are reported in the wild yet.

Potential Impact

For European organizations, this vulnerability poses significant risks to the confidentiality and integrity of cryptographic operations relying on pyca cryptography with SECT curves. Leakage of private key bits during ECDH key exchange can lead to full key recovery over time, compromising encrypted communications and key negotiation processes. Forged ECDSA signatures can allow attackers to bypass authentication or non-repudiation mechanisms, potentially enabling unauthorized access, fraudulent transactions, or code signing bypasses. Organizations using Python applications for secure communications, authentication, or cryptographic protocols that depend on pyca cryptography are at risk. The impact is especially critical for sectors handling sensitive data such as finance, healthcare, government, and critical infrastructure. The vulnerability could undermine trust in cryptographic assurances and lead to data breaches or operational disruptions if exploited.

Mitigation Recommendations

European organizations should immediately upgrade pyca cryptography to version 46.0.5 or later to ensure proper subgroup membership validation. They should audit their Python codebases and dependencies to identify usage of vulnerable versions, especially in applications performing ECDH or ECDSA operations on SECT curves. Where upgrading is not immediately possible, organizations should consider disabling support for SECT curves or implementing additional validation checks at the application level to verify public key points belong to the correct subgroup. Security teams should monitor for suspicious cryptographic operations or anomalies in signature verification and key exchange processes. Incorporating cryptographic best practices such as using curves with cofactor 1 (e.g., prime curves like P-256) can reduce exposure. Finally, organizations should review their incident response plans to address potential cryptographic key compromise scenarios.
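The subgroup-membership validation that the analysis above describes and that the application-level mitigation refers to, as an added illustration that is not pyca's code: a minimal affine-coordinate implementation of sect163k1 (NIST K-163, cofactor 2) arithmetic whose is_valid_public_point accepts a point only if it is on the curve, is not the point at infinity, and satisfies [n]P = O. The curve constants are the public SEC 2 / FIPS 186 values; all function names are this example's own.

```python
# Added illustration, not pyca's code: affine arithmetic on sect163k1 (NIST K-163,
# cofactor 2) showing the subgroup check the 46.0.5 fix performs.
M, A, B = 163, 1, 1
POLY = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1  # field polynomial of GF(2^163)
N = 0x04000000000000000000020108A2E0CC0D99F8A5EF  # prime subgroup order n
G = (0x02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8,  # base point (SEC 2 value)
     0x0289070FB05D38FF58321F2E800536D538CCDAA3D9)
O = None  # point at infinity
def gf_mul(a, b):  # shift-and-add multiplication in GF(2^163), reduced by POLY
    r = 0
    while b:
        r ^= a if b & 1 else 0
        b, a = b >> 1, a << 1
        a ^= POLY if a >> M else 0
    return r
def gf_inv(a):  # extended Euclid over GF(2)[x]; a must be non-zero
    u, v, g1, g2 = a, POLY, 1, 0
    while u != 1 and v != 1:
        j = u.bit_length() - v.bit_length()
        if j < 0:
            u, v, g1, g2, j = v, u, g2, g1, -j
        u, g1 = u ^ (v << j), g1 ^ (g2 << j)
    return g1 if u == 1 else g2
def on_curve(P):  # y^2 + x*y == x^3 + A*x^2 + B
    x, y = P
    x2 = gf_mul(x, x)
    return (gf_mul(y, y) ^ gf_mul(x, y)) == (gf_mul(x2, x) ^ gf_mul(A, x2) ^ B)
def add(P, Q):  # affine addition; -P == (x, x + y), so P + (-P) == O
    if P is O or Q is O:
        return Q if P is O else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and y2 == x1 ^ y1:
        return O
    if x1 == x2:  # doubling
        lam = x1 ^ gf_mul(y1, gf_inv(x1))
        x3 = gf_mul(lam, lam) ^ lam ^ A
        return x3, gf_mul(x1, x1) ^ gf_mul(lam ^ 1, x3)
    lam = gf_mul(y1 ^ y2, gf_inv(x1 ^ x2))
    x3 = gf_mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return x3, gf_mul(lam, x1 ^ x3) ^ x3 ^ y1
def mul(k, P):  # right-to-left double-and-add scalar multiplication
    R = O
    while k:
        R = add(R, P) if k & 1 else R
        P, k = add(P, P), k >> 1
    return R
def is_valid_public_point(P):  # the missing check: on curve, not O, and [N]P == O
    return P is not O and on_curve(P) and mul(N, P) is O
```

The 2-torsion point (0, 1) lies on the curve (y^2 = B) yet [N](0, 1) = (0, 1) because N is odd, so is_valid_public_point rejects it, and any point of the form P + (0, 1), while accepting G itself; an on-curve check alone would let such points through.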


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-09T21:36:29.552Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 698ba7284b57a58fa12c897a

Added to database: 2/10/2026, 9:46:16 PM

Last enriched: 2/18/2026, 9:48:11 AM

Last updated: 2/20/2026, 11:09:08 PM

