CVE-2026-40194

| EUVD-2026-21597 LOW
2026-04-10 GitHub_M GHSA-r854-jrxh-36qx
3.7
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch Released
Apr 11, 2026 - 02:30 nvd
Patch available
Analysis Generated
Apr 10, 2026 - 21:00 vuln.today
EUVD ID Assigned
Apr 10, 2026 - 21:00 euvd
EUVD-2026-21597
CVE Published
Apr 10, 2026 - 20:24 nvd
LOW 3.7

Tags

PHP Information Disclosure Phpseclib

Description

phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.

Analysis

phpseclib's SSH2 packet authentication uses PHP's non-constant-time != operator to compare HMACs, enabling timing-based information disclosure attacks on SSH sessions. The vulnerability affects phpseclib versions prior to 1.0.28, 2.0.53, and 3.0.51. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

18
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +18
POC: 0

Share

CVE-2026-40194 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy