Browse all 2 CVE security advisories affecting phpseclib. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40194 | phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals() — phpseclibCWE-208 | 3.7 | Low | 2026-04-10 |
| CVE-2026-32935 | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack — phpseclibCWE-208 | 5.9 | - | 2026-03-20 |
This page lists every published CVE security advisory associated with phpseclib. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.