CVE-2026-32313 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm,…
High CVSS: 8.2

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 3.1.5.
Vendor
Xmlseclibs Project
Product
Xmlseclibs
CWE
CWE-354
Yayın Tarihi
2026-03-16 14:19:33
Güncelleme
2026-03-17 19:25:41
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-354 Xmlseclibs HIGH Xmlseclibs Project 2026

Referanslar

https://github.com/robrichards/xmlseclibs/commit/03062be78178cbb5e8f605cd255dc32a14981f92 https://github.com/robrichards/xmlseclibs/releases/tag/3.1.5 https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-4v26-v6cg-g6f9