Executive Summary

CVE-2026-32935 is a vulnerability in the phpseclib PHP secure communications library affecting versions up to 1.0.26, 2.0.51, and 3.0.49. It involves a padding oracle timing attack when using AES encryption in CBC mode. Specifically, the unpadding process leaks timing information due to how the padding length is validated, allowing attackers to infer details about the plaintext by measuring operation timing differences.

The issue arises because the unpadding function does not run in constant time, enabling attackers to exploit timing discrepancies during the padding validation step. This vulnerability is addressed by modifying the unpadding function to perform checks in constant time, preventing timing side-channel attacks.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by compromising the confidentiality of data encrypted using phpseclib with AES in CBC mode. An attacker can exploit timing differences during the unpadding process to gain information about the plaintext, potentially exposing sensitive information.

The attack is network-based and requires no privileges or user interaction, but it has a high complexity. The vulnerability does not affect data integrity or system availability.

Mitigation involves updating to patched versions of phpseclib (1.0.27, 2.0.52, or 3.0.50) or using AES encryption modes other than CBC, such as CTR, CFB, or OFB.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability is a padding oracle timing attack affecting the unpadding operation in AES CBC mode within phpseclib. Detection involves identifying usage of vulnerable phpseclib versions (1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49) and monitoring for timing discrepancies during AES CBC decryption operations.

Since the vulnerability is related to timing side-channels in the unpadding function, direct detection via network commands is challenging. However, you can detect vulnerable versions by checking the installed phpseclib package version.

• Check phpseclib version in your project by running: `composer show phpseclib/phpseclib` or inspecting the version in your dependency manager.
• Search your codebase for usage of AES in CBC mode with phpseclib to identify potential vulnerable cryptographic operations.

For network detection, monitoring for unusual timing patterns or anomalous requests exploiting AES CBC decryption might require custom timing analysis tools or intrusion detection systems configured to detect timing attacks, but no specific commands are provided in the resources.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to update phpseclib to a patched version where the vulnerability is fixed.

• Upgrade phpseclib to version 1.0.27 or later, 2.0.52 or later, or 3.0.50 or later.

If immediate upgrade is not possible, consider avoiding the use of AES in CBC mode and instead use other AES modes that are not vulnerable to this timing attack.

• Use AES modes such as CTR (Counter), CFB (Cipher Feedback), or OFB (Output Feedback) instead of CBC.

These steps reduce the risk of attackers exploiting timing discrepancies during the unpadding operation.

Useful 0 Not Useful 0