All 2 CVE vulnerabilities found in phpseclib, with AI-generated Chinese analysis, references, and POCs.
Vendor: phpseclib
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40194 | phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals() CWE-208 | 3.7 | Low | 2026-04-10 |
| CVE-2026-32935 | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack CWE-208 | 5.9 | - | 2026-03-20 |
All 2 known CVE vulnerabilities affecting phpseclib with full Chinese analysis, references, and POCs where available.