
Fix cryptography CVE: bump override to 46.0.5 #184

Draft
are-ces wants to merge 2 commits into lightspeed-core:main from are-ces:fix-cryptography-cve

Conversation


@are-ces are-ces commented May 5, 2026

Description

Bump cryptography override from 46.0.3 to 46.0.5 (latest available on RHOAI) to fix a high-severity CVE.

Fixed:

  • CVE-2026-26007 (High): Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves — fixed in 46.0.5

Not fixed (RHOAI does not have newer versions yet):

  • CVE-2026-34073 (Low): Incomplete DNS name constraint enforcement — needs 46.0.6
  • CVE-2026-39892 (Medium): Buffer overflow via non-contiguous buffer — needs 46.0.7

Type of change

  • CVE fix
  • Bump-up dependent library

Tools used to create PR

  • Assisted-by: Claude Code (Claude Opus 4.6)
  • Generated by: N/A

Related Tickets & Documents

  • Closes LCORE-1762

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Verified cryptography 46.0.5 is available on RHOAI cpu-ubi9 and cuda12.9-ubi9
  • Regenerated hashed requirement files
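A check in the spirit of this bump, added here as an example and not part of the project's own tooling: it parses the `==` pins in an override file and compares the pinned cryptography version against the per-CVE fix versions listed in the description, reporting which CVEs the pin closes and which stay open. The file contents and the hash value below are constructed samples, not the repository's real files.

```python
import re

# CVE -> minimum cryptography release that fixes it, taken from the PR description.
CVE_FIX_VERSIONS = {
    "CVE-2026-26007": "46.0.5",  # High: missing subgroup validation for SECT curves
    "CVE-2026-34073": "46.0.6",  # Low: incomplete DNS name constraint enforcement
    "CVE-2026-39892": "46.0.7",  # Medium: buffer overflow via non-contiguous buffer
}

# Constructed sample of a hashed override file (the hash is a placeholder).
SAMPLE_OVERRIDES = """\
# requirements.overrides.txt (constructed sample)
cryptography==46.0.5 \\
    --hash=sha256:placeholder
urllib3==2.2.2
"""

PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)")


def parse_pins(text):
    """Return {package: version} for every '==' pin; comments, continuation
    lines and --hash options are ignored. Package names are normalised."""
    pins = {}
    for line in text.splitlines():
        m = PIN_RE.match(line.split("#", 1)[0])
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def version_key(version):
    """Numeric tuple for release versions like '46.0.5' (pre-release tags are not handled)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def cve_status(pinned, fixes=CVE_FIX_VERSIONS):
    """Split the CVE table into those closed by `pinned` and those still open."""
    fixed, still_open = {}, {}
    for cve, needed in fixes.items():
        target = fixed if version_key(pinned) >= version_key(needed) else still_open
        target[cve] = needed
    return fixed, still_open


def audit(text, package="cryptography"):
    """Return (pinned version, fixed CVEs, open CVEs) for one override file."""
    pins = parse_pins(text)
    if package not in pins:
        raise ValueError(f"{package} is not pinned with == in this file")
    fixed, still_open = cve_status(pins[package])
    return pins[package], fixed, still_open
```

Running `audit` over both override files before regenerating hashes gives a quick record of which of the three CVEs the new pin actually addresses.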


coderabbitai Bot commented May 5, 2026

Important

Review skipped

Draft detected.

Walkthrough

This PR updates the pinned version of the cryptography package from 46.0.3 to 46.0.5 across both the CUDA and standard requirements override files.

Changes

Dependency Version Updates

Cryptography Pin (requirements.overrides.cuda.txt, requirements.overrides.txt): both files update cryptography==46.0.3 to cryptography==46.0.5. No other package pins change.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks: 5 passed

  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: Passed. The title clearly and specifically identifies the primary change: bumping the cryptography override to version 46.0.5 to fix a CVE vulnerability.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: Passed. Check skipped because no linked issues were found for this pull request.


@are-ces are-ces marked this pull request as draft May 5, 2026 12:15
are-ces and others added 2 commits May 19, 2026 14:08
LCORE-1762

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@are-ces are-ces force-pushed the fix-cryptography-cve branch from 412f72a to fd547db Compare May 19, 2026 12:14