|
Vulnerabilities
< Back

CVE-2026-32935

Updated on 20 Mar 2026

Severity

8.2 High severity

Details

CVSS score
8.2
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.

NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32935 NVD lastModified: 2026-05-08

Details

Affected product:
phpseclib/phpseclib
Affected packages:
phpseclib @ 0.3.10 (+1 more)

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.

NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32935 NVD lastModified: 2026-05-08

Fixes