CVE-2026-32935

216.73.217.22

· Published 20/03/2026 03:16 · Modified 20/03/2026 13:37

Labels: CVE-2026-32935 2026-03-20 CVE-2026-32935 CWE-208 [email protected]

Essential information

Published: 20/03/2026 03:16
Modified: 20/03/2026 13:37
Author: —
Creator: —
CVSS: 8.2 HIGH (v3) 8.2 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
phpseclib / phpseclib	`cpe:2.3:a:phpseclib:phpseclib:<1.0.26:::::::*`
phpseclib / phpseclib	`cpe:2.3:a:phpseclib:phpseclib:1.0.26:::::::*`
phpseclib / phpseclib	`cpe:2.3:a:phpseclib:phpseclib:2.0.0-2.0.51:::::::*`
phpseclib / phpseclib	`cpe:2.3:a:phpseclib:phpseclib:3.0.0-3.0.49:::::::*`