CVE-2026-44167

Summary

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.

Affected Software

VendorProductVersion RangeStatus
phpseclibphpseclib>= 3.0.0, < 3.0.52affected
phpseclibphpseclib>= 2.0.0, < 2.0.54affected
phpseclibphpseclib>= 0.1.1, < 1.0.29affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References