CVE-2026-40194

EUVD-2026-21597
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
phpseclibphpseclib
𝑥
≤ 1.0.27
phpseclibphpseclib
2.0.0 ≤
𝑥
< 2.0.53
phpseclibphpseclib
3.0.0 ≤
𝑥
< 3.0.51
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php-phpseclib
bookworm
2.0.42-1+deb12u5
fixed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
sid
2.0.54-1
fixed
trixie
2.0.48-3+deb13u3
fixed
trixie (security)
vulnerable
php-phpseclib3
bookworm
3.0.19-1+deb12u6
fixed
bookworm (security)
vulnerable
sid
3.0.52-2
fixed
trixie
3.0.43-2+deb13u3
fixed
trixie (security)
vulnerable
phpseclib
bookworm
1.0.20-1+deb12u5
fixed
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
sid
1.0.29-1
fixed
trixie
1.0.23-6+deb13u3
fixed
trixie (security)
vulnerable
Common Weakness Enumeration
References
https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
https://github.com/phpseclib/phpseclib/releases/tag/1.0.28
https://github.com/phpseclib/phpseclib/releases/tag/2.0.53
https://github.com/phpseclib/phpseclib/releases/tag/3.0.51
https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx