PT-2026-25372 · Packagist+3 · Robrichards/Xmlseclibs+1

Sideni · Published 2026-03-13 · Updated 2026-03-16 · CVE-2026-32313

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

xmlseclibs versions prior to 3.1.5

Description

xmlseclibs is a PHP library for working with XML Encryption and Signatures. When decrypting XML nodes encrypted with aes-128-gcm, aes-192-gcm, or aes-256-gcm, the library does not validate the length of the authentication tag. This allows an attacker to potentially brute-force the tag, recover the GHASH key, and decrypt the encrypted nodes. It also enables the forging of arbitrary ciphertexts without knowledge of the encryption key. The GHASH key is a string of bits used in Galois/Counter Mode (GCM) to ensure the integrity and authenticity of the ciphertext. Exploitation involves manipulating the ciphertext and observing XML parsing errors to recover the key.

Recommendations

Versions prior to 3.1.5 should be updated to version 3.1.5 or later.
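
An added example, not code from xmlseclibs or from this advisory: one way to enforce a full-length authentication tag before GCM decryption in PHP. The function name, the constants, and the payload layout (12-byte IV, then ciphertext, then 16-byte tag) are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of the xmlseclibs API.
const GCM_IV_LEN  = 12; // assumed 96-bit IV at the start of the payload
const GCM_TAG_LEN = 16; // assumed 128-bit tag at the end of the payload
const GCM_KEY_LEN = ['aes-128-gcm' => 16, 'aes-192-gcm' => 24, 'aes-256-gcm' => 32];

function decryptGcmStrict(string $payload, string $key, string $cipher): string
{
    if (!array_key_exists($cipher, GCM_KEY_LEN) || strlen($key) !== GCM_KEY_LEN[$cipher]) {
        throw new InvalidArgumentException('unsupported cipher or wrong key length');
    }
    // Refuse any payload too short to carry a full IV and a full 16-byte tag,
    // so a shortened tag never reaches openssl_decrypt().
    if (strlen($payload) < GCM_IV_LEN + GCM_TAG_LEN) {
        throw new InvalidArgumentException('payload too short for IV and 16-byte tag');
    }
    $iv   = substr($payload, 0, GCM_IV_LEN);
    $tag  = substr($payload, -GCM_TAG_LEN);
    $body = substr($payload, GCM_IV_LEN, -GCM_TAG_LEN);

    $plain = openssl_decrypt($body, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        // Tag did not verify: release no plaintext.
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed sample data: encrypt a small XML fragment with a full 16-byte tag.
$cipher = 'aes-256-gcm';
$key    = random_bytes(32);
$iv     = random_bytes(GCM_IV_LEN);
$tag    = '';
$ct     = openssl_encrypt('<Secret>demo</Secret>', $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag, '', GCM_TAG_LEN);

// A well-formed payload decrypts.
echo decryptGcmStrict($iv . $ct . $tag, $key, $cipher), PHP_EOL;

// A payload whose trailing bytes cannot form a full tag is refused before decryption.
try {
    decryptGcmStrict($iv . substr($tag, 0, 4), $key, $cipher);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```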

Related Identifiers

CVE-2026-32313
GHSA-4V26-V6CG-G6F9

Affected Products

Robrichards/Xmlseclibs
Xmlseclibs