CVE-2026-40194 | phpseclib up to 1.0.27/2.0.52/3.0.50 SSH2::get_binary_packet timing discrepancy (GHSA-r854-jrxh-36qx)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability classified as problematic was found in phpseclib up to 1.0.27/2.0.52/3.0.50. Impacted is the function SSH2::get_binary_packet. Executing a manipulation can lead to observable timing discrepancy.

The identification of this vulnerability is CVE-2026-40194. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.

CVE-2026-40194 | phpseclib up to 1.0.27/2.0.52/3.0.50 SSH2::get_binary_packet timing discrepancy (GHSA-r854-jrxh-36qx)

Post correlati

CVE-2024-47140 | Observium CE 24.4.13528 add_alert_check cross site scripting (TALOS-2024-2090)

CVE-2023-5908 | PTC KEPServerEX/ThingWorx/OPC-Aggregator heap-based overflow (icsa-23-334-03)

CVE-2024-3623 | quay mirror-registry password in configuration file

CVE-2024-43383 | Apache Lucene.Net.Replicator up to 4.8.0-beta00016 Privilege Escalation