CVE-2026-39892
highCVSS v3 Base Score
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 93% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: April 8, 2026 (92 days ago)
Last Modified: April 8, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
CWE
CWE-131Affected Products
Lightspeed CoreMigration Toolkit for Applications 8OpenShift LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform Ansible Core 2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)