CVE-2026-40194
Description
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
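The difference the description draws between `!=` and a constant-time check, as an added PHP example (not phpseclib's code): it models the early-exit comparison by counting the bytes examined and verifies a packet MAC with `hash_equals()`. HMAC-SHA256, the key, the sequence number and the payload are constructed assumptions, and the function names are hypothetical.

```php
<?php
// Added example, not phpseclib code. All inputs below are constructed.

// Model of an early-exit (memcmp-style) equality test: returns how many
// bytes were examined before the result was known.
function earlyExitBytesExamined(string $a, string $b): int
{
    $n = min(strlen($a), strlen($b));
    for ($i = 0; $i < $n; $i++) {
        if ($a[$i] !== $b[$i]) {
            return $i + 1; // work done depends on the matching prefix
        }
    }
    return $n;
}

// MAC input laid out as in the patched line: sequence number, packet length,
// padding length, then payload . padding. HMAC-SHA256 is an assumption.
function packetMac(string $key, int $seq, string $payload, string $padding): string
{
    // SSH packet_length covers the padding-length byte, payload and padding.
    $packetLength = 1 + strlen($payload) + strlen($padding);
    $data = pack('NNCa*', $seq, $packetLength, strlen($padding), $payload . $padding);
    return hash_hmac('sha256', $data, $key, true);
}

// Hardened check: hash_equals() does the same work wherever the first
// differing byte sits (known string first, received string second).
function verifyPacketMac(string $key, int $seq, string $payload, string $padding, string $received): bool
{
    return hash_equals(packetMac($key, $seq, $payload, $padding), $received);
}

$key     = str_repeat("\x0b", 32);          // constructed key
$payload = "\x5e" . 'constructed payload';  // constructed payload bytes
$padding = str_repeat("\0", 8);
$good    = packetMac($key, 7, $payload, $padding);

// Tags altered at byte 0, 15 and 31: the early-exit model does 1, 16 and 32
// byte comparisons, while hash_equals() rejects all three the same way.
foreach ([0, 15, 31] as $pos) {
    $bad = $good;
    $bad[$pos] = chr(ord($bad[$pos]) ^ 0x01);
    printf("mismatch at byte %2d: early exit examines %2d bytes, hash_equals: %s\n",
        $pos, earlyExitBytesExamined($good, $bad),
        var_export(verifyPacketMac($key, 7, $payload, $padding, $bad), true));
}
var_dump(verifyPacketMac($key, 7, $payload, $padding, $good));
```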
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpseclib/phpseclib (Packagist) | >= 0.1.1, < 1.0.28 | 1.0.28 |
| phpseclib/phpseclib (Packagist) | >= 2.0.0, < 2.0.53 | 2.0.53 |
| phpseclib/phpseclib (Packagist) | >= 3.0.0, < 3.0.51 | 3.0.51 |
Affected products
Patches
ffe48b6b1b1a SSH2: use constant time string comparison in get_binary_packet():
1 file changed · +30 −1
phpseclib/Net/SSH2.php+30 −1 modified@@ -3807,7 +3807,7 @@ function _get_binary_packet($skip_channel_filter = false) $this->bitmap = 0; user_error('Error reading socket'); return false; - } elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) { + } elseif (!$this->_equals($hmac, $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding)))) { user_error('Invalid HMAC'); return false; } @@ -5700,4 +5700,33 @@ function bytesUntilKeyReexchange($bytes) { $this->doKeyReexchangeAfterXBytes = $bytes; } + + /** + * Constant time equality testing + * + * Pretty much copy / pasted from Crypt/RSA.php + * + * @access private + * @param string $x + * @param string $y + * @return bool + */ + function _equals($x, $y) + { + if (function_exists('hash_equals')) { + return hash_equals($x, $y); + } + + if (strlen($x) != strlen($y)) { + return false; + } + + $result = "\0"; + $x^= $y; + for ($i = 0; $i < strlen($x); $i++) { + $result|= $x[$i]; + } + + return $result === "\0"; + } }
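Review bot: In the `_get_binary_packet()` hunk, the `Invalid HMAC` branch still only does `user_error('Invalid HMAC'); return false;`, while the socket-read error branch directly above it sets `$this->bitmap = 0` first. A MAC failure means the stream can no longer be trusted, so consider whether the same reset belongs in this branch, so that later calls do not keep using the session. The new condition would also read more easily with the expected MAC assigned to a local variable before the `_equals()` call.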
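Review bot: The `_equals()` docblock should say what is and is not constant time: the `strlen($x) != strlen($y)` early return in the fallback reveals a length mismatch, which is acceptable for a fixed-size MAC but worth documenting for any later caller. The comment `Pretty much copy / pasted from Crypt/RSA.php` also points to a second copy of security-sensitive code; a single shared helper would keep the two from drifting apart. With only one file changed, nothing here exercises the fallback path taken when `hash_equals` is unavailable, so a test that forces that branch would be a useful addition.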
References
- github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac (nvd, Patch, WEB)
- github.com/advisories/GHSA-r854-jrxh-36qx (ghsa, ADVISORY)
- github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-40194 (ghsa, ADVISORY)
- github.com/phpseclib/phpseclib/releases/tag/1.0.28 (nvd, Release Notes, WEB)
- github.com/phpseclib/phpseclib/releases/tag/2.0.53 (nvd, Release Notes, WEB)
- github.com/phpseclib/phpseclib/releases/tag/3.0.51 (nvd, Release Notes, WEB)