PT-2026-37312 · Phpseclib · Phpseclib

Published

2026-05-05

·

Updated

2026-06-05

·

CVE-2026-44167

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions phpseclib versions prior to 1.0.29 phpseclib versions prior to 2.0.54 phpseclib versions prior to 3.0.52
Description phpseclib is a PHP secure communications library. An issue exists where loading untrusted ASN1 files, such as X509 certificates or RSA PKCS8 private and public keys, can lead to a security bypass.
Recommendations Update to version 1.0.29. Update to version 2.0.54. Update to version 3.0.52.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44167
GHSA-3QPQ-R242-JQJ7

Affected Products

Phpseclib