Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
Published: 2026-03-31
Score: 1.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: DNS name constraint bypass
Action: Apply Patch
AI Analysis

Impact

The cryptography package, a widely used Python library for cryptographic operations, previously enforced DNS name constraints only against the subject‑alternative names in child certificates. It failed to validate the exact peer name supplied during a connection. This omission allowed an attacker to present a certificate chain that included a wildcard leaf certificate such as *.example.com while the parent certificate contained an excluded subtree constraint matching the intended peer, for example bar.example.com. The flaw represents a Name Constraint Missing Validation weakness (CWE‑295) and enables domain spoofing that could be used in man‑in‑the‑middle attacks against Python applications that rely on cryptography for TLS/SSL validation.

Affected Systems

All installations of the pyca:cryptography library that are older than version 46.0.6 and are employed for TLS or other certificate validation in Python applications are vulnerable. The issue applies to any code path that loads certificates via cryptography and performs hostname checking using the library's validation routines.

Risk and Exploitability

The CVSS score of 1.7 indicates a low severity risk, and the EPSS score of less than 1% suggests exploitation is unlikely at scale. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker must supply a crafted certificate chain that contains a wildcard leaf certificate matching the peer name while the parent certificate enforces an excluded subtree that matches the same name. Consequently, the exploit requires control over the certificate chain presented to the application or the ability to influence how the peer name is sent during the TLS handshake. The impact is limited to domain spoofing and does not provide remote code execution or broader system compromise.

Generated by OpenCVE AI on April 6, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the cryptography Python package to version 46.0.6 or newer.

Generated by OpenCVE AI on April 6, 2026 at 19:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-m959-cc7f-wv43 cryptography has incomplete DNS name constraint enforcement on peer names
History

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Cryptography.io
Cryptography.io cryptography
CPEs cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*
Vendors & Products Cryptography.io
Cryptography.io cryptography
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Pyca
Pyca cryptography
Vendors & Products Pyca
Pyca cryptography
References
Metrics threat_severity

None

 cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

threat_severity

Low

Tue, 31 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
Title cryptography has incomplete DNS name constraint enforcement on peer names
Weaknesses CWE-295
References
Metrics cvssV4_0

{'score': 1.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Cryptography.io Cryptography
Pyca Cryptography
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T13:52:00.999Z

Reserved: 2026-03-25T16:21:40.868Z

Link: CVE-2026-34073

cve-icon Vulnrichment

Updated: 2026-03-31T13:51:58.145Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T03:15:59.123

Modified: 2026-04-06T15:30:27.887

Link: CVE-2026-34073

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-31T02:04:36Z

Links: CVE-2026-34073 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:08:11Z

Weaknesses