VDB
CVE-2026-32935
CVE-2026-32935
PUBLISHED
CVSS 8.199999809265137 HIGH
phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.
EPSS 0.02% · 4.5th percentile
Risk Scores
CVSS v4.0
8.199999809265137
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.02%
4.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| phpseclib | phpseclib | 3.0.0, 2.0.0, 0 |
| phpseclib | phpseclib | >= 2.0.0, < 2.0.52, < 1.0.27, 0 |
Timeline
- Mar 19, 2026 CVE Published
- Mar 20, 2026 EPSS Score
- Mar 20, 2026 Security Advisory
- Mar 21, 2026 EPSS Score
- Mar 22, 2026 EPSS Score
- Mar 22, 2026 Coalition ESS Score
- Mar 23, 2026 EPSS Score
- Mar 23, 2026 CVE Updated
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score