CVE-2026-44167

<?php require 'vendor/autoload.php'; use phpseclib\File\ASN1; // Example PoC: Loading a crafted ASN.1 string that triggers the bypass/DoS. // This is a simplified representation. Real exploit would contain specific hex payload. $malformed_asn1 = '3082...'; // Placeholder for the malicious ASN.1 hex stream $asn1 = new ASN1(); try { // Decoding the untrusted input triggers the vulnerability $decoded = $asn1->decodeBER(hex2bin($malformed_asn1)); echo "Decoding successful (Vulnerable code might hang or crash here).\n"; } catch (Exception $e) { echo "Error: " . $e->getMessage() . "\n"; } ?>

{"cve": {"id": "CVE-2026-44167", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:29.273", "lastModified": "2026-05-12T18:17:29.273", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-400"}]}], "references": [{"url": "https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc", "source": "[email protected]"}, {"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7", "source": "[email protected]"}]}}