QwikSec

Security Database

CVE

CWE

Training

CVE-2026-32935

Published: Mar 20, 2026

Modified: May 8, 2026

PUBLISHED

Description

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.

Vendor	Product	Versions
phpseclib	phpseclib	affected `>= 3.0.0, < 3.0.50` affected `>= 2.0.0, < 2.0.52` affected `>= 0.1.1, < 1.0.27`

Weaknesses (CWE)

References

https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg

x_refsource_CONFIRM

https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.