CVE-2026-40194: Observable Timing Discrepancy in phpseclib SSH2 HMAC Verification
Vulnerability ID: CVE-2026-40194
CVSS Score: 3.7
Published: 2026-04-10
CVE-2026-40194 identifies a timing side-channel vulnerability in the phpseclib library's SSH2 implementation. The vulnerability arises from the use of a variable-time string comparison operation during HMAC validation. This theoretical flaw allows an attacker to measure processing time discrepancies to infer information about the expected cryptographic signature, though protocol-level constraints prevent practical remote exploitation.
TL;DR
phpseclib's SSH2 implementation used PHP's != operator for HMAC comparison, resulting in variable-time execution (CWE-208) that leaks 2-14 nanoseconds per matched byte. While technically vulnerable to timing side-channels, SSH protocol mechanics—such as immediate disconnects on MAC errors and per-packet sequence numbers—render remote exploitation infeasible. The flaw was resolved across all major versions by replacing the comparison with the constant-time hash_equals() function.
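As an added illustration of the mechanism described above (example code written for this page, not phpseclib's own): the SSH2 per-packet MAC is computed over the sequence number and the unencrypted packet as RFC 4253 specifies, then checked once with the variable-time != comparison the advisory describes and once with hash_equals(), alongside a byte-by-byte constant-time compare that shows what hash_equals() does internally. The key, packet bytes and sha256 choice are constructed for the demo.

```php
<?php
// Added example, not phpseclib's code: the SSH2 binary-packet MAC check the advisory
// describes, pre-fix variable-time comparison beside the post-fix constant-time one.

// RFC 4253 section 6.4: mac = MAC(key, uint32 sequence_number || unencrypted_packet).
// Binding the sequence number is why a replayed packet never carries a valid MAC.
function ssh2_packet_mac(string $key, int $seq, string $packet, string $algo = 'sha256'): string {
    return hash_hmac($algo, pack('N', $seq) . $packet, $key, true);
}

// Pre-fix form (CWE-208): != returns at the first differing byte, so run time grows with
// the matching prefix; being a loose comparison it also calls "1e3" and "1000" equal.
function verify_mac_vulnerable(string $received, string $key, int $seq, string $packet): bool {
    return !($received != ssh2_packet_mac($key, $seq, $packet));
}

// Post-fix form: hash_equals() visits every byte regardless of the first mismatch. The
// PHP manual puts the locally computed (known) value first and the peer's value second.
function verify_mac_fixed(string $received, string $key, int $seq, string $packet): bool {
    return hash_equals(ssh2_packet_mac($key, $seq, $packet), $received);
}

// What hash_equals() does internally: reject a length mismatch once, then OR together the
// XOR of every byte pair so the loop never exits early, whatever the mismatch position.
function constant_time_equals(string $known, string $user): bool {
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Constructed vectors (key, packet and sha256 are arbitrary): packet_length=12,
// padding_length=6, payload "hello", six zero padding bytes.
$key      = hash('sha256', 'constructed demo key', true);
$packet   = "\x00\x00\x00\x0c\x06hello" . str_repeat("\x00", 6);
$seq      = 7;
$mac      = ssh2_packet_mac($key, $seq, $packet);
$tampered = substr($mac, 0, -1) . chr(ord(substr($mac, -1)) ^ 0x01); // one bit flipped
$checks = [
    'valid MAC accepted'       => verify_mac_fixed($mac, $key, $seq, $packet),
    'pre-fix form agrees'      => verify_mac_vulnerable($mac, $key, $seq, $packet),
    'wrong sequence rejected'  => !verify_mac_fixed($mac, $key, $seq + 1, $packet),
    'bit-flipped MAC rejected' => !verify_mac_fixed($tampered, $key, $seq, $packet),
    'polyfill matches'         => constant_time_equals($mac, $tampered) === hash_equals($mac, $tampered),
];
foreach ($checks as $name => $ok) { echo ($ok ? 'PASS ' : 'FAIL ') . $name . PHP_EOL; }
```

Both verify functions return the same boolean for every input; the fix changes only how long the comparison takes, which is the whole point of CWE-208.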
Technical Details
- Vulnerability Class: CWE-208: Observable Timing Discrepancy
- Attack Vector: Network
- CVSS v3.1 Score: 3.7 (Low)
- EPSS Probability: 0.00042
- Impact: Theoretical HMAC Information Leak
- Exploitation Status: Unexploitable in standard network environments
- CISA KEV: Not Listed
Affected Systems
- phpseclib
- phpseclib/phpseclib: < 1.0.28 (Fixed in: 1.0.28)
- phpseclib/phpseclib: >= 2.0.0, < 2.0.53 (Fixed in: 2.0.53)
- phpseclib/phpseclib: >= 3.0.0, < 3.0.51 (Fixed in: 3.0.51)
Code Analysis
Commit: ffe48b6
Replace variable-time HMAC comparison with constant-time hash_equals
- if ($hmac != $this->hmac_check->hash($reconstructed)) {
+ if (!hash_equals($hmac, $this->hmac_check->hash($reconstructed))) {
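Review bot: the argument order in the new call is reversed relative to the PHP manual's contract for hash_equals(), which takes the locally computed (known) value first and the peer-supplied value second; consider hash_equals($this->hmac_check->hash($reconstructed), $hmac). It is harmless here because the MAC length is fixed by the negotiated algorithm, but it keeps the call consistent with the documented usage. Also note that hash_equals() throws a TypeError on PHP 8 (and warns and returns false on PHP 7) when either argument is not a string, so $hmac must never reach this line as null or false from the packet reader, whereas the old != would have silently compared such values; the old loose comparison would also have treated two numeric strings as equal, which this change fixes as a side effect worth a mention in the commit message.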
Mitigation Strategies
- Upgrade phpseclib package via Composer to a patched version
- Audit dependency trees to ensure transitive dependencies on phpseclib are also updated
Remediation Steps:
- Identify the major version of phpseclib currently in use (1.x, 2.x, or 3.x)
- Run composer update phpseclib/phpseclib to fetch the latest patch release
- Verify the installed version meets or exceeds 1.0.28, 2.0.53, or 3.0.51
- Execute integration tests to ensure SSH connectivity functions normally post-update