CVE-2026-34073
Severity
1.7 LOW
EPSS
0.0%
top 94.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 31
Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for b…
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Packages: 4 packages
Vulnerability Details (4)
OSV: CVE-2026-34073: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers (2026-03-31)
Vendor Advisories (2)
Threat Intelligence (1)
Community (4)
Bugzilla: CVE-2026-34073 python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation (2026-03-31)
Bugzilla: CVE-2026-34073 pypy: Cryptography: Security bypass due to improper DNS name constraint validation [fedora-all] (2026-03-31)
Bugzilla: CVE-2026-34073 pypy3.10: Cryptography: Security bypass due to improper DNS name constraint validation [fedora-all] (2026-03-31)
Bugzilla: CVE-2026-34073 pypy3.11: Cryptography: Security bypass due to improper DNS name constraint validation [fedora-all] (2026-03-31)