Xmlseclibs

1 CVE for this product


CVE-2026-32313 HIGH PATCH This Week

Critical cryptographic vulnerability in the xmlseclibs PHP library (versions before 3.1.5), which fails to validate authentication tag lengths in AES-GCM encrypted XML nodes. Attackers can exploit this remotely without authentication to brute-force encryption keys, decrypt sensitive data, and forge ciphertexts. While not currently in CISA's KEV catalog, the vulnerability has a high CVSS score of 8.2 and affects a widely used XML security library.

PHP Information Disclosure Xmlseclibs
NVD GitHub VulDB
CVSS 3.1: 8.2
EPSS: 0.0%
