VYPR
High severity7.5GHSA Advisory· Published May 12, 2026· Updated May 13, 2026

CVE-2026-44167

CVE-2026-44167

Description

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
phpseclib/phpseclibPackagist
>= 0.1.1, < 1.0.291.0.29
phpseclib/phpseclibPackagist
>= 2.0.0, < 2.0.542.0.54
phpseclib/phpseclibPackagist
>= 3.0.0, < 3.0.523.0.52

Affected products

4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.