phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44167.json",
"cwe_ids": [
"CWE-400"
],
"cna_assigner": "GitHub_M"
}{
"extracted_events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.52"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.54"
},
{
"introduced": "0.1.1"
},
{
"fixed": "1.0.29"
}
],
"source": [
"AFFECTED_FIELD",
"REFERENCES"
]
}