Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 20.04 LTS USN-8087-3 python-cryptography Severe Data Leak Risk

ubuntu
Calendar Grey April 29, 2026
Scroller Ubuntu
Exploit risk in python-cryptography may expose sensitive data over the network, affecting multiple Ubuntu versions.
python-cryptography could be made to expose sensitive information over the network.

Summary

python-cryptography could be made to expose sensitive information over the

network.

Software Description:

- python-cryptography: Cryptography Python library

Details:

USN-8087-1 fixed a vulnerability in python-cryptography. This update

provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,

and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that python-cryptography incorrectly handled subgroup

validation for SECT curves. A remote attacker could use this issue to

perform a subgroup attack and possibly recover the least significant bits

of private keys.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  python-cryptography             2.8-3ubuntu0.3+esm2
                                  Available with Ubuntu Pro
  python3-cryptography            2.8-3ubuntu0.3+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python-cryptography             2.1.4-1ubuntu1.4+esm3
                                  Available with Ubuntu Pro
  python3-cryptography            2.1.4-1ubuntu1.4+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-cryptography             1.2.3-1ubuntu0.3+esm3
                                  Available with Ubuntu Pro
  python3-cryptography            1.2.3-1ubuntu0.3+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8087-3

https://ubuntu.com/security/notices/USN-8087-2

https://ubuntu.com/security/notices/USN-8087-1

CVE-2026-26007

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8087-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.