EUVD-2026-12094
GHSA-4v26-v6cg-g6f9
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
4Description
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 3.1.5.
Analysis
Critical cryptographic vulnerability in the xmlseclibs PHP library (versions before 3.1.5) that fails to validate authentication tag lengths in AES-GCM encrypted XML nodes. Attackers can exploit this remotely without authentication to brute-force encryption keys, decrypt sensitive data, and forge ciphertexts. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems using xmlseclibs PHP library (versions before 3.1.5) and assess exposure; implement network segmentation to limit external access to affected services. Within 7 days: Contact vendor for patched version 3.1.5 or later; establish temporary WAF rules to block suspicious XML encryption requests; conduct threat hunt for signs of exploitation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today