Description
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
Published: 2026-04-10
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in phpseclib’s SSH2::get_binary_packet() method, where the incoming packet’s HMAC is compared to a locally computed value using PHP’s != operator. For equal‑length binary strings, != invokes memcmp(), which stops at the first differing byte, resulting in a variable‑time comparison (CWE‑208). This timing side‑channel can leak the correct HMAC byte by byte, allowing an attacker to forge SSH packets that the library will accept.
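The contrast between the `!=` check and `hash_equals()`, the function the advisory title names as the replacement, shown as an added example. This is not phpseclib source; the key, packet bytes and function names are constructed, and the MAC input follows the SSH transport layout of sequence number followed by packet.

```php
<?php
// Added illustration, not phpseclib source.
// Key, packet bytes and function names are constructed.

/** MAC over sequence number || packet (RFC 4253, section 6.4). */
function ssh_mac(string $key, int $seq, string $packet): string
{
    return hash_hmac('sha256', pack('N', $seq) . $packet, $key, true);
}

/** Variable-time check: the comparison pattern the description names. */
function mac_ok_variable_time(string $key, int $seq, string $packet, string $received): bool
{
    // != on equal-length binary strings stops at the first differing byte,
    // so the time taken depends on how many leading bytes match.
    if ($received != ssh_mac($key, $seq, $packet)) {
        return false;
    }
    return true;
}

/** Constant-time check with hash_equals(). */
function mac_ok_constant_time(string $key, int $seq, string $packet, string $received): bool
{
    // hash_equals(known, user): for equal-length inputs the running time
    // does not depend on where the first difference is.
    return hash_equals(ssh_mac($key, $seq, $packet), $received);
}

// Constructed sample data (not a real capture).
$key     = random_bytes(32);
$packet  = "\x00\x00\x00\x0c\x0a" . str_repeat("\x00", 11);
$good    = ssh_mac($key, 7, $packet);
$bad     = $good;
$bad[31] = chr(ord($bad[31]) ^ 0x01);   // differs only in the final byte

// Both functions return the same verdicts; only their timing behaviour differs.
var_dump(mac_ok_variable_time($key, 7, $packet, $good));
var_dump(mac_ok_variable_time($key, 7, $packet, $bad));
var_dump(mac_ok_constant_time($key, 7, $packet, $good));
var_dump(mac_ok_constant_time($key, 7, $packet, $bad));
```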

Affected Systems

Any PHP application that imports the Net SSH2 class from phpseclib and remains on a release before 3.0.51, 2.0.53, or 1.0.28 is vulnerable. This includes both client and server implementations that rely on this library for SSH communication.

Risk and Exploitability

The CVSS score of 3.7 indicates low severity, and the EPSS score of <1% shows a low but non‑zero probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Successful exploitation would require an attacker able to send crafted SSH packets and measure precise timing differences, potentially enabling packet forging and privilege escalation on systems that accept SSH connections from untrusted sources.

Generated by OpenCVE AI on May 8, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade phpseclib to at least version 3.0.51, 2.0.53, or 1.0.28 depending on the branch in use.
  • Verify that all dependency management files (e.g., composer.json, composer.lock) reference a fixed version and that no older phpseclib packages are present after the update.
  • If an immediate upgrade is impractical, isolate the PHP application behind a firewall that limits inbound SSH traffic to known, trusted hosts to reduce the attack surface until the patch is applied.
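One way to carry out the lock-file check from the list above, as an added example that is not part of phpseclib or OpenCVE. The fixed versions come from the description; the Packagist name `phpseclib/phpseclib`, the function names and the sample lock content are assumptions made for the example.

```php
<?php
// Added example. Fixed versions are taken from the advisory text.

/** Classify a locked version as 'affected', 'not affected' or 'unknown'. */
function classify_phpseclib(string $version): string
{
    $fixed = ['1' => '1.0.28', '2' => '2.0.53', '3' => '3.0.51'];
    $v = ltrim($version, 'vV');
    if (!preg_match('/^(\d+)\.\d+\.\d+/', $v, $m)) {
        return 'unknown';                 // e.g. dev-master: inspect by hand
    }
    if ($m[1] === '0') {
        // The advisory puts the start of the affected range at 0.1.1.
        return version_compare($v, '0.1.1', '>=') ? 'affected' : 'not affected';
    }
    if (!isset($fixed[$m[1]])) {
        return 'unknown';                 // branch not covered by the advisory
    }
    return version_compare($v, $fixed[$m[1]], '<') ? 'affected' : 'not affected';
}

/** Return [section, version, verdict] for every phpseclib entry in a lock file. */
function audit_lock(string $lockJson): array
{
    $lock = json_decode($lockJson, true);
    if (!is_array($lock)) {
        throw new InvalidArgumentException('not a composer.lock JSON document');
    }
    $findings = [];
    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $pkg) {
            if (($pkg['name'] ?? '') === 'phpseclib/phpseclib') {
                $ver = (string) ($pkg['version'] ?? '');
                $findings[] = [$section, $ver, classify_phpseclib($ver)];
            }
        }
    }
    return $findings;
}

// Constructed sample; in practice pass file_get_contents('composer.lock').
$sample = '{"packages":[{"name":"phpseclib/phpseclib","version":"3.0.36"}],'
        . '"packages-dev":[{"name":"phpseclib/phpseclib","version":"2.0.53"}]}';
foreach (audit_lock($sample) as [$section, $ver, $verdict]) {
    echo "$section: phpseclib/phpseclib $ver => $verdict\n";
}
```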

Advisories
Source: Github GHSA
ID: GHSA-r854-jrxh-36qx
Title: phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

History

Fri, 08 May 2026 16:00:00 +0000

Type: Description
Values Removed: phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
Values Added: phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*

Mon, 13 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Phpseclib
Phpseclib phpseclib
Vendors & Products Phpseclib
Phpseclib phpseclib

Fri, 10 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
Title phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
Weaknesses CWE-208
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T15:18:43.231Z

Reserved: 2026-04-09T20:59:17.620Z

Link: CVE-2026-40194

Vulnrichment

Updated: 2026-04-13T15:23:15.555Z

NVD

Status: Modified

Published: 2026-04-10T21:16:27.583

Modified: 2026-05-08T16:16:10.647

Link: CVE-2026-40194

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T20:30:16Z

Weaknesses