Skip to content

Outdated cryptography dependency contains CVE-2026-26007 #956

Open
Open
Outdated cryptography dependency contains CVE-2026-26007#956
@MonkeyCanCode

Description

@MonkeyCanCode
Yong Zheng (MonkeyCanCode)
opened on Mar 23, 2026

Hello,

I noticed we are pinned the following for cryptography version which has CVE-2026-26007:

cryptography = ">=44.0.0,<45.0.0"  # Constrained as transitive dependency due to a bug in newer versions

Is there a plan to update this to a newer version?

Thanks,
Yong

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions