CVE-2026-44167

Source
https://cve.org/CVERecord?id=CVE-2026-44167
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44167.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44167
Aliases
Downstream
Related
Published
2026-05-12T17:22:14.764Z
Modified
2026-07-15T01:49:16.168739110Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
Details

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44167.json",
    "cwe_ids": [
        "CWE-400"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/phpseclib/phpseclib

Affected ranges

Type
GIT
Repo
https://github.com/phpseclib/phpseclib
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.52"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.54"
        },
        {
            "introduced": "0.1.1"
        },
        {
            "fixed": "1.0.29"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.1.1
0.1.2
0.1.5
0.2.0
0.2.1
0.2.2
0.3.0
0.3.6
0.3.7
0.3.8
1.*
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
2.*
2.0.0
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.4
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.5
2.0.50
2.0.51
2.0.52
2.0.53
2.0.6
2.0.7
2.0.9
3.*
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.2
3.0.20
3.0.21
3.0.22
3.0.23
3.0.3
3.0.33
3.0.34
3.0.35
3.0.36
3.0.37
3.0.38
3.0.39
3.0.4
3.0.40
3.0.41
3.0.42
3.0.43
3.0.44
3.0.45
3.0.46
3.0.47
3.0.48
3.0.49
3.0.5
3.0.50
3.0.51
3.0.6
3.0.7
3.0.8
3.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44167.json"