Skip to main content

Phpseclib

3 CVEs product

Monthly

CVE-2026-55599 PHP MEDIUM POC PATCH This Month

Server-side request forgery in phpseclib's X.509 validation allows unauthenticated network attackers to force the validating server to open arbitrary outbound connections to attacker-controlled hosts, including internal loopback addresses (127.0.0.1) and cloud metadata endpoints (169.254.169.254). The flaw exists because X509::validateSignature() unconditionally fetches URLs embedded in the Authority Information Access extension of untrusted certificates with no blocklist or destination filtering - and this behavior is enabled by default across all three maintained release branches. No CISA KEV listing exists at time of analysis, and no weaponized public exploit was referenced, though the GitHub advisory provides exact file and line references making the trigger path immediately reproducible.

SSRF PHP Phpseclib
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2023-27560 PHP HIGH PATCH This Week

Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP Phpseclib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-30130 PHP HIGH PATCH This Week

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Phpseclib Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Server-side request forgery in phpseclib's X.509 validation allows unauthenticated network attackers to force the validating server to open arbitrary outbound connections to attacker-controlled hosts, including internal loopback addresses (127.0.0.1) and cloud metadata endpoints (169.254.169.254). The flaw exists because X509::validateSignature() unconditionally fetches URLs embedded in the Authority Information Access extension of untrusted certificates with no blocklist or destination filtering - and this behavior is enabled by default across all three maintained release branches. No CISA KEV listing exists at time of analysis, and no weaponized public exploit was referenced, though the GitHub advisory provides exact file and line references making the trigger path immediately reproducible.

SSRF PHP Phpseclib
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP Phpseclib
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Phpseclib +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy