CVE-2026-54736
Received Received - Intake

Timing Attack in Phalcon Framework

Vulnerability report for CVE-2026-54736, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first differing byte. This observable timing discrepancy can allow an attacker to recover a valid tag byte-by-byte and attach it to a chosen IV and ciphertext so that decrypt() accepts tampered encrypted content as authentic. This issue is fixed in version 5.14.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
phalcon phalcon 5.14.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Phalcon PHP framework prior to version 5.14.1, specifically in the Phalcon\Encryption\Crypt::decrypt function. The issue arises because the function compares the attacker-supplied HMAC tag against a freshly computed HMAC using PHP/Zephir identity comparison, which effectively performs a byte-wise comparison that returns early when it finds the first differing byte.

This early return creates a timing discrepancy that an attacker can observe. By exploiting this timing difference, an attacker can recover a valid HMAC tag one byte at a time. Once the attacker has a valid tag, they can attach it to a chosen initialization vector (IV) and ciphertext, causing the decrypt() function to accept tampered encrypted content as authentic.

This vulnerability allows attackers to bypass the integrity check of encrypted data, potentially leading to unauthorized data manipulation.

Impact Analysis

This vulnerability can impact you by allowing an attacker to tamper with encrypted data without detection. Because the decrypt() function can be tricked into accepting manipulated ciphertext as authentic, an attacker could alter sensitive information or inject malicious data.

Such unauthorized data manipulation can lead to data integrity breaches, potentially compromising application behavior, user data, or security controls that rely on the authenticity of encrypted content.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Phalcon to version 5.14.1 or later, where the issue has been fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54736. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart