CVE-2026-44167

HIGH

phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

Title source: cna
STIX 2.1

Description

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0021
EPSS Percentile 11.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (6)
phpseclib/phpseclib 0.1.1 - 1.0.29Packagist
phpseclib/phpseclib 2.0.0 - 2.0.54Packagist
phpseclib/phpseclib 3.0.0 - 3.0.52Packagist
phpseclib/phpseclib >= 0.1.1, < 1.0.29
phpseclib/phpseclib >= 2.0.0, < 2.0.54
phpseclib/phpseclib >= 3.0.0, < 3.0.52
Published May 12, 2026
Tracked Since May 12, 2026