Description
phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.
Published: 2026-03-20
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential plaintext disclosure via timing attack
Action: Apply Patch
AI Analysis

Impact

phpseclib is a PHP library for secure communications that includes AES encryption. A flaw in the AES‑CBC decryption unpadding routine allows an attacker to gain information from timing differences, enabling a padding oracle timing attack. This information‑disclosure weakness (CWE‑208) can allow full recovery of encrypted plaintexts when an adversary can manipulate or observe ciphertext processing.

Affected Systems

The vulnerability affects the phpseclib library across versions 1.0.0 to 1.0.26, 2.0.0 to 2.0.51, and 3.0.0 to 3.0.49. Versions 1.0.27, 2.0.52, and 3.0.50 and later contain the fix.

Risk and Exploitability

The CVSS score of 8.2 reflects high severity. The EPSS score of less than 1 % suggests a low probability of exploitation. It is not listed in CISA’s Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that an attacker would need to send crafted ciphertexts to a service performing AES‑CBC decryption and measure response times to recover plaintext. The likely attack vector is remote, through network or application interfaces that accept encrypted data.

Generated by OpenCVE AI on March 23, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade phpseclib to version 1.0.27 or later, 2.0.52 or later, or 3.0.50 or later.
  • If an upgrade is not immediately possible, restrict access to any service that performs AES‑CBC decryption to trusted clients and monitor for abnormal timing patterns.
  • Regularly check the phpseclib project for future security releases.

Generated by OpenCVE AI on March 23, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4518-1 phpseclib security update
Debian DSA Debian DSA DSA-6185-1 phpseclib security update
Debian DSA Debian DSA DSA-6186-1 php-phpseclib security update
Debian DSA Debian DSA DSA-6187-1 php-phpseclib3 security update
Github GHSA Github GHSA GHSA-94g3-g5v7-q4jg phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
History

Mon, 23 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Fri, 20 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Phpseclib
Phpseclib phpseclib
Vendors & Products Phpseclib
Phpseclib phpseclib

Fri, 20 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.
Title phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
Weaknesses CWE-208
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Phpseclib Phpseclib
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T16:32:34.194Z

Reserved: 2026-03-17T00:05:53.282Z

Link: CVE-2026-32935

cve-icon Vulnrichment

Updated: 2026-03-20T16:32:14.624Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T03:16:00.763

Modified: 2026-03-23T19:23:56.903

Link: CVE-2026-32935

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:09:36Z

Weaknesses