CVE-2026-32935

Published: Mar 20, 2026 Last Modified: Mar 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,2

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.

208

Observable Timing Discrepancy

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control

Potential Impacts:

Read Application Data Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb1…

https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd…

https://github.com/phpseclib/phpseclib/security/advisories/…

https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg

CVE-2026-32935

Description

Observable Timing Discrepancy

Common Consequences

Applicable Platforms

Iscriviti alla newsletter