Skip to main content

CWE-208

Observable Timing Discrepancy

121 CVEs Avg CVSS 5.6 MITRE
2
CRITICAL
20
HIGH
72
MEDIUM
26
LOW
13
POC
0
KEV

Monthly

CVE-2026-56764 MEDIUM PATCH This Month

Credential inference via timing side-channel is possible in Hono before 4.11.10 when the built-in `basicAuth` or `bearerAuth` middlewares are in use, due to JavaScript's short-circuit `===` string equality operator being used inside the `timingSafeEqual` function for hash comparison. Because `===` terminates on the first differing character, response times vary slightly based on how many leading characters of a credential match the stored hash, enabling an attacker to recover credentials one character at a time through statistical timing analysis. No public exploit has been identified and the vendor GHSA advisory explicitly characterizes this as a hardening improvement with low practical exploitability outside highly controlled, low-jitter network environments.

Information Disclosure Hono
NVD GitHub
CVSS 4.0
6.3
CVE-2026-21840 LOW Monitor

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service.

Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2026-54736 HIGH PATCH This Week

Authentication-bypass via timing side-channel in Phalcon's Crypt::decrypt (cphalcon PHP framework prior to 5.14.1) allows remote attackers to forge valid HMAC tags and have tampered ciphertext accepted as authentic. Because the HMAC verification uses PHP/Zephir identity comparison that short-circuits on the first mismatching byte, an attacker who can observe response timing can recover a valid tag byte-by-byte and break the encrypt-then-MAC integrity guarantee. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is confirmed and patched by the vendor in 5.14.1.

Information Disclosure PHP Cphalcon
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-59218 MEDIUM PATCH This Month

Timing-based account enumeration in Open WebUI prior to 0.10.0 exposes whether any given email address is registered on a self-hosted AI instance. The /api/v1/auths/signin endpoint only invokes bcrypt password verification when a matching email record exists, making registered-account login attempts measurably slower than attempts against unregistered emails - a classic CWE-208 timing oracle. Unauthenticated remote attackers can exploit this discrepancy at scale to harvest valid account emails, which can then fuel credential stuffing or targeted phishing. No public exploit code or CISA KEV listing has been identified, and the vendor has released a fix in v0.10.0.

Information Disclosure Open Webui
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-15041 LOW Monitor

Timing side-channel exposure in Red Hat Directory Server's PBKDF2-SHA256 password verification allows a remote unauthenticated attacker to send repeated LDAP bind requests and statistically infer partial hash information by measuring response-time differences caused by non-constant-time memcmp() comparisons. Affected deployments span Red Hat Directory Server 11 through 13 and the 389-ds-base package shipped across RHEL 6 through 10. No public exploit identified at time of analysis, and practical exploitation is acknowledged to be extremely difficult due to the computational overhead inherent in PBKDF2 key stretching, which substantially degrades the timing signal.

Information Disclosure Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
3.7
EPSS
0.3%
CVE-2026-41516 LOW PATCH Monitor

RSA PKCS#1 v1.5 decryption in OP-TEE's Hisilicon HPRE hardware accelerator driver exposes a Bleichenbacher-style padding oracle, allowing a local attacker to recover RSA plaintext by adaptively querying the oracle. Affected are optee_os versions 4.5.0 through 4.10.x built with Hisilicon HPRE support (CFG_HISILICON_ACC_V3=y) on Arm TrustZone-based platforms. No public exploit code or CISA KEV listing exists; exploitation is constrained by local access requirements and the high query volume characteristic of Bleichenbacher-class attacks.

Linux Oracle Information Disclosure Optee Os
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-41515 LOW PATCH Monitor

RSA-OAEP decryption in OP-TEE OS versions 3.9.0 through 4.10.x exposes a Manger-style padding oracle via the NXP CAAM hardware crypto driver, enabling local low-privileged attackers to recover RSA-OAEP plaintext through approximately 1,000-2,000 adaptive chosen-ciphertext queries. The flaw arises from non-constant-time memcmp() usage during label hash verification combined with multiple distinguishable error paths that leak oracle-exploitable timing and response information. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained to NXP CAAM-equipped platforms with the RSA driver enabled.

Linux Oracle Information Disclosure Optee Os
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-41514 LOW PATCH Monitor

RSA-OAEP decryption in OP-TEE OS versions 4.5.0 through 4.10.x exposes a Manger-style padding oracle via the Hisilicon HPRE hardware crypto driver, enabling a local attacker to recover RSA-OAEP plaintext through approximately 1000-2000 adaptive chosen ciphertext queries. The root cause is a non-constant-time `memcmp()` used for label hash verification combined with distinguishable error paths - classic CWE-208 timing side-channel conditions. Impact is heavily constrained by a non-default build requirement: only Hisilicon D06 (plat-d06) hardware built with `CFG_HISILICON_ACC_V3=y` is exposed, and no public exploit or active exploitation has been identified at time of analysis.

Linux Oracle Information Disclosure Optee Os
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-27882 MEDIUM PATCH This Month

Coolify's GitLab webhook endpoint leaks its secret token through a timing side-channel, enabling unauthenticated network attackers to reconstruct the token incrementally by measuring HTTP response time differences. All self-hosted Coolify instances prior to 4.0.0-beta.461 with GitLab webhook integrations configured are affected. Once the secret is recovered, an attacker can forge arbitrary GitLab webhook events and potentially trigger unauthorized deployments. No public exploit or active exploitation has been identified at time of analysis; the CVSS-assigned AC:H correctly reflects the practical difficulty of conducting reliable timing measurements over real-world networks.

Gitlab Information Disclosure Coolify
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-13758 LOW PATCH Monitor

Non-constant-time AEAD authentication tag comparison in CryptX before 0.088_001 for Perl exposes a timing oracle in the streaming decrypt_done path, enabling authentication tag forgery across five AEAD cipher modes: GCM, CCM, ChaCha20Poly1305, EAX, and OCB. An attacker who can submit many candidate tags for a fixed nonce and ciphertext while precisely measuring response timing can recover the expected tag byte-by-byte and forge authenticated messages. No public exploit code exists and CISA has not listed this in KEV; EPSS is 0.23% (13th percentile), consistent with SSVC's 'Exploitation: none' rating at time of disclosure.

Oracle Information Disclosure Cryptx
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVSS 6.3
MEDIUM PATCH This Month

Credential inference via timing side-channel is possible in Hono before 4.11.10 when the built-in `basicAuth` or `bearerAuth` middlewares are in use, due to JavaScript's short-circuit `===` string equality operator being used inside the `timingSafeEqual` function for hash comparison. Because `===` terminates on the first differing character, response times vary slightly based on how many leading characters of a credential match the stored hash, enabling an attacker to recover credentials one character at a time through statistical timing analysis. No public exploit has been identified and the vendor GHSA advisory explicitly characterizes this as a hardening improvement with low practical exploitability outside highly controlled, low-jitter network environments.

Information Disclosure Hono
NVD GitHub
EPSS 0% CVSS 3.1
LOW Monitor

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service.

Information Disclosure
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Authentication-bypass via timing side-channel in Phalcon's Crypt::decrypt (cphalcon PHP framework prior to 5.14.1) allows remote attackers to forge valid HMAC tags and have tampered ciphertext accepted as authentic. Because the HMAC verification uses PHP/Zephir identity comparison that short-circuits on the first mismatching byte, an attacker who can observe response timing can recover a valid tag byte-by-byte and break the encrypt-then-MAC integrity guarantee. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is confirmed and patched by the vendor in 5.14.1.

Information Disclosure PHP Cphalcon
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Timing-based account enumeration in Open WebUI prior to 0.10.0 exposes whether any given email address is registered on a self-hosted AI instance. The /api/v1/auths/signin endpoint only invokes bcrypt password verification when a matching email record exists, making registered-account login attempts measurably slower than attempts against unregistered emails - a classic CWE-208 timing oracle. Unauthenticated remote attackers can exploit this discrepancy at scale to harvest valid account emails, which can then fuel credential stuffing or targeted phishing. No public exploit code or CISA KEV listing has been identified, and the vendor has released a fix in v0.10.0.

Information Disclosure Open Webui
NVD GitHub
EPSS 0% CVSS 3.7
LOW Monitor

Timing side-channel exposure in Red Hat Directory Server's PBKDF2-SHA256 password verification allows a remote unauthenticated attacker to send repeated LDAP bind requests and statistically infer partial hash information by measuring response-time differences caused by non-constant-time memcmp() comparisons. Affected deployments span Red Hat Directory Server 11 through 13 and the 389-ds-base package shipped across RHEL 6 through 10. No public exploit identified at time of analysis, and practical exploitation is acknowledged to be extremely difficult due to the computational overhead inherent in PBKDF2 key stretching, which substantially degrades the timing signal.

Information Disclosure Red Hat Directory Server 11 Red Hat Directory Server 12 +6
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

RSA PKCS#1 v1.5 decryption in OP-TEE's Hisilicon HPRE hardware accelerator driver exposes a Bleichenbacher-style padding oracle, allowing a local attacker to recover RSA plaintext by adaptively querying the oracle. Affected are optee_os versions 4.5.0 through 4.10.x built with Hisilicon HPRE support (CFG_HISILICON_ACC_V3=y) on Arm TrustZone-based platforms. No public exploit code or CISA KEV listing exists; exploitation is constrained by local access requirements and the high query volume characteristic of Bleichenbacher-class attacks.

Linux Oracle Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

RSA-OAEP decryption in OP-TEE OS versions 3.9.0 through 4.10.x exposes a Manger-style padding oracle via the NXP CAAM hardware crypto driver, enabling local low-privileged attackers to recover RSA-OAEP plaintext through approximately 1,000-2,000 adaptive chosen-ciphertext queries. The flaw arises from non-constant-time memcmp() usage during label hash verification combined with multiple distinguishable error paths that leak oracle-exploitable timing and response information. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained to NXP CAAM-equipped platforms with the RSA driver enabled.

Linux Oracle Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

RSA-OAEP decryption in OP-TEE OS versions 4.5.0 through 4.10.x exposes a Manger-style padding oracle via the Hisilicon HPRE hardware crypto driver, enabling a local attacker to recover RSA-OAEP plaintext through approximately 1000-2000 adaptive chosen ciphertext queries. The root cause is a non-constant-time `memcmp()` used for label hash verification combined with distinguishable error paths - classic CWE-208 timing side-channel conditions. Impact is heavily constrained by a non-default build requirement: only Hisilicon D06 (plat-d06) hardware built with `CFG_HISILICON_ACC_V3=y` is exposed, and no public exploit or active exploitation has been identified at time of analysis.

Linux Oracle Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Coolify's GitLab webhook endpoint leaks its secret token through a timing side-channel, enabling unauthenticated network attackers to reconstruct the token incrementally by measuring HTTP response time differences. All self-hosted Coolify instances prior to 4.0.0-beta.461 with GitLab webhook integrations configured are affected. Once the secret is recovered, an attacker can forge arbitrary GitLab webhook events and potentially trigger unauthorized deployments. No public exploit or active exploitation has been identified at time of analysis; the CVSS-assigned AC:H correctly reflects the practical difficulty of conducting reliable timing measurements over real-world networks.

Gitlab Information Disclosure Coolify
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Non-constant-time AEAD authentication tag comparison in CryptX before 0.088_001 for Perl exposes a timing oracle in the streaming decrypt_done path, enabling authentication tag forgery across five AEAD cipher modes: GCM, CCM, ChaCha20Poly1305, EAX, and OCB. An attacker who can submit many candidate tags for a fixed nonce and ciphertext while precisely measuring response timing can recover the expected tag byte-by-byte and forge authenticated messages. No public exploit code exists and CISA has not listed this in KEV; EPSS is 0.23% (13th percentile), consistent with SSVC's 'Exploitation: none' rating at time of disclosure.

Oracle Information Disclosure Cryptx
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy