Hey there!
Wanted to report that there is a high-severity vulnerability published for phpseclib.
Thank you for having a look!
Relevant CVE:
Output of composer audit:
+-------------------+----------------------------------------------------------------------------------+
| Package | phpseclib/phpseclib |
| Severity | high |
| Advisory ID | PKSA-km2b-zc3b-mjm3 |
| CVE | CVE-2026-32935 |
| Title | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack |
| URL | https://github.com/advisories/GHSA-94g3-g5v7-q4jg |
| Affected versions | <=1.0.26|>=2.0.0,<=2.0.51|>=3.0.0,<=3.0.49 |
| Reported at | 2026-03-19T16:42:18+00:00 |
+-------------------+----------------------------------------------------------------------------------+
Hey there!
Wanted to report that there is a high-severity vulnerability published for
phpseclib.Thank you for having a look!
Relevant CVE:
Output of
composer audit: