The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2024-26130

CVE-2024-26130: Cryptography.io Cryptography DOS Vulnerability

CVE-2024-26130 is a denial of service flaw in Cryptography.io Cryptography that causes NULL pointer dereference crashes when mismatched keys are used. This article covers technical details, affected versions, and mitigation.

Published: January 28, 2026

CVE-2024-26130 Overview

CVE-2024-26130 is a null pointer dereference vulnerability in the Python cryptography package, a widely-used library that provides cryptographic primitives and recipes to Python developers. The vulnerability exists in versions 38.0.0 through 42.0.3 and can be triggered when calling pkcs12.serialize_key_and_certificates with a mismatched certificate/private key pair while using specific HMAC hash encryption options.

Critical Impact

This vulnerability enables remote attackers to crash Python processes through a null pointer dereference, resulting in denial of service conditions for applications that rely on the cryptography library for PKCS#12 operations.

Affected Products

  • cryptography.io cryptography versions >= 38.0.0 and < 42.0.4
  • Python applications using pkcs12.serialize_key_and_certificates with HMAC hash encryption
  • Systems running vulnerable versions of the cryptography package from PyPI

Discovery Timeline

  • 2024-02-21 - CVE-2024-26130 published to NVD
  • 2025-02-05 - Last updated in NVD database

Technical Details for CVE-2024-26130

Vulnerability Analysis

The vulnerability resides in the PKCS#12 serialization functionality within the cryptography library. When developers serialize keys and certificates to the PKCS#12 format, the library performs validation to ensure the provided certificate's public key matches the private key being serialized. However, when the encryption_algorithm parameter is configured with an hmac_hash value (set via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)), a specific code path is executed that fails to properly handle the mismatch condition.

Instead of raising an appropriate ValueError exception when detecting the key mismatch, the vulnerable code path attempts to dereference a null pointer, causing an immediate crash of the Python process. This represents a failure in defensive programming practices where error conditions should be handled gracefully rather than causing program termination.

Root Cause

The root cause is a missing null pointer check in the PKCS#12 serialization code path when HMAC hash encryption is enabled (CWE-476: Null Pointer Dereference). The code assumes certain internal structures are properly initialized when the HMAC hash option is specified, but when a certificate/key mismatch occurs, these structures may remain null. The fix in version 42.0.4 properly validates inputs and raises a ValueError exception before attempting operations that could dereference null pointers.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by:

  1. Providing input to an application that uses the cryptography library for PKCS#12 operations
  2. Ensuring the input causes a call to pkcs12.serialize_key_and_certificates with a certificate whose public key does not match the provided private key
  3. The encryption algorithm must be configured with hmac_hash set via the PrivateFormat.PKCS12.encryption_builder().hmac_hash(...) method

The vulnerability manifests when pkcs12.serialize_key_and_certificates is invoked with specific conditions: a mismatched certificate/private key pair combined with HMAC hash encryption settings. Rather than properly validating inputs and raising a ValueError, the code path leads to a null pointer dereference. For detailed technical analysis and the specific fix, refer to the GitHub Pull Request and GitHub Commit Details.

Detection Methods for CVE-2024-26130

Indicators of Compromise

  • Unexpected Python process crashes with segmentation faults in production environments
  • Application logs showing abrupt termination during PKCS#12 serialization operations
  • Core dumps or crash reports referencing the cryptography library's PKCS#12 functions
  • Increased frequency of service restarts for Python applications handling certificate operations

Detection Strategies

  • Monitor for Python process crashes with null pointer dereference signatures in system logs
  • Implement application-level logging around pkcs12.serialize_key_and_certificates calls to detect exploitation attempts
  • Use software composition analysis (SCA) tools to identify vulnerable versions of the cryptography package in your environment
  • Deploy runtime application self-protection (RASP) solutions to detect abnormal behavior in cryptographic operations

Monitoring Recommendations

  • Configure process monitoring to alert on unexpected termination of Python services using the cryptography library
  • Implement dependency scanning in CI/CD pipelines to flag vulnerable package versions before deployment
  • Set up anomaly detection for certificate processing endpoints that may use PKCS#12 serialization
  • Review application logs for patterns of failed cryptographic operations preceding crashes

How to Mitigate CVE-2024-26130

Immediate Actions Required

  • Upgrade the cryptography package to version 42.0.4 or later immediately
  • Audit all Python applications in your environment for usage of the vulnerable cryptography versions
  • Implement input validation to ensure certificate and private key pairs match before calling serialization functions
  • Consider implementing rate limiting on endpoints that process certificate-related requests

Patch Information

The vulnerability has been resolved in cryptography version 42.0.4, which properly raises a ValueError when a certificate/key mismatch is detected. The fix is available through the following resources:

  • GitHub Security Advisory
  • GitHub Pull Request
  • GitHub Commit Details

Workarounds

  • Add application-level validation to verify certificate public keys match private keys before calling pkcs12.serialize_key_and_certificates
  • Wrap PKCS#12 serialization calls in exception handlers to gracefully manage potential crashes
  • Temporarily disable HMAC hash encryption options in PrivateFormat.PKCS12.encryption_builder() if upgrading is not immediately possible
  • Implement process supervision to automatically restart affected services if crashes occur
bash
# Upgrade cryptography package to patched version
pip install --upgrade cryptography>=42.0.4

# Verify installed version
pip show cryptography | grep Version

# For requirements.txt, update the dependency
# cryptography>=42.0.4

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechCryptography Io
  • SeverityHIGH
  • CVSS Score7.5
  • EPSS Probability0.34%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-476
  • Vendor Resources
  • GitHub Commit Details
  • GitHub Pull Request
  • GitHub Security Advisory
  • Latest CVEs
  • CVE-2026-35467: Browser API Key Information Disclosure
  • CVE-2026-35466: cveInterface.js XSS Vulnerability
  • CVE-2026-30252: ZenShare Suite XSS Vulnerability
  • CVE-2026-30251: ZenShare Suite v17.0 XSS Vulnerability
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English