Low severity (CVSS 3.7, NVD Advisory) · Published Apr 10, 2026 · Updated May 8, 2026
CVE-2026-40194
Description
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
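As an added illustration, not phpseclib's own code, the hypothetical macVerifyWeak() and macVerifyFixed() stand-ins below place the variable-time != check beside the constant-time hash_equals() replacement, and run a small scaling benchmark of the kind the advisory mentions: the cost of the weak comparison grows with the number of leading MAC bytes a constructed guess gets right, while the fixed comparison stays flat. It assumes PHP 7.3 or later for hrtime().

```php
<?php
// Added illustration (not phpseclib code): why comparing a received SSH MAC
// with != is variable-time, and the constant-time form that fixes it.

// Hypothetical stand-in for the MAC check inside Net\SSH2::get_binary_packet().
function macVerifyWeak(string $computed, string $received): bool
{
    // For two equal-length, non-numeric binary strings PHP's != falls through
    // to memcmp(), which returns at the first differing byte, so the time taken
    // leaks how many leading bytes of the received value were correct (CWE-208).
    return !($computed != $received);
}

function macVerifyFixed(string $computed, string $received): bool
{
    // hash_equals() inspects every byte regardless of where the first mismatch
    // is. The known-good value goes first and the received value second, as
    // the PHP manual documents.
    return hash_equals($computed, $received);
}

// Scaling benchmark: time one comparison function against guesses that match
// the real MAC in the first $prefix bytes and differ at byte $prefix.
function timeCompare(callable $cmp, string $mac, int $prefix, int $iterations): float
{
    // Constructed guess: correct prefix, then a byte guaranteed to differ.
    $guess = substr($mac, 0, $prefix)
           . chr(ord($mac[$prefix]) ^ 0xFF)
           . substr($mac, $prefix + 1);
    $start = hrtime(true);
    for ($i = 0; $i < $iterations; $i++) {
        $cmp($mac, $guess);
    }
    return (hrtime(true) - $start) / $iterations; // nanoseconds per call
}

// Constructed 32-byte MAC standing in for the locally computed packet HMAC.
$mac = hash_hmac('sha256', 'constructed packet payload', 'constructed key', true);

foreach ([0, 8, 16, 24, 31] as $prefix) {
    printf("correct prefix %2d bytes: != %.1f ns, hash_equals %.1f ns\n",
        $prefix,
        timeCompare('macVerifyWeak', $mac, $prefix, 2000000),
        timeCompare('macVerifyFixed', $mac, $prefix, 2000000));
}
```

The per-call differences are on the order of nanoseconds, so the trend only shows with a large iteration count on a quiet machine; this is why the advisory speaks of scaling benchmarks rather than a single measurement.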
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpseclib/phpseclib (Packagist) | >= 0.1.1, < 1.0.28 | 1.0.28 |
| phpseclib/phpseclib (Packagist) | >= 2.0.0, < 2.0.53 | 2.0.53 |
| phpseclib/phpseclib (Packagist) | >= 3.0.0, < 3.0.51 | 3.0.51 |
Affected products (OSV coordinates; no CPE assigned)
- pkg:apk/chainguard/nextcloud-server-32: < 32.0.8-r2
- pkg:apk/chainguard/nextcloud-server-33: < 33.0.3-r0
- pkg:apk/wolfi/nextcloud-server-32: < 32.0.8-r2
- pkg:apk/wolfi/nextcloud-server-33: < 33.0.3-r0
- pkg:composer/phpseclib/phpseclib: >= 0.1.1, < 1.0.28
References
- github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac (NVD: Patch)
- github.com/advisories/GHSA-r854-jrxh-36qx (GHSA: Advisory)
- github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx (NVD: Vendor Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-40194 (GHSA: Advisory)
- github.com/phpseclib/phpseclib/releases/tag/1.0.28 (NVD: Release Notes)
- github.com/phpseclib/phpseclib/releases/tag/2.0.53 (NVD: Release Notes)
- github.com/phpseclib/phpseclib/releases/tag/3.0.51 (NVD: Release Notes)