CVE-2026-40194: phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib\Net\SSH2::get_binary_packet() uses PHP's loose != operator to compare the HMAC carried in a received SSH packet against the HMAC it computes locally. When both operands are non-numeric strings of equal length, != falls through to memcmp(), which returns as soon as it meets the first differing byte, so the time the comparison takes depends on how many leading bytes of the attacker-supplied MAC are correct. This is a genuine variable-time comparison (CWE-208), confirmed by benchmarks that scale the length of the compared strings.
The finding is Low severity (defense-in-depth), not Critical. Practical exploitation over the network is blocked by SSH's behaviour of disconnecting on the first MAC failure, combined with per-connection session keys: an attacker gets a single guess per connection, and each new connection derives a fresh key, so timing measurements cannot be accumulated across attempts. The fix is a one-liner: replace != with hash_equals(), which the codebase already uses in 9 other places.
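The pattern the advisory describes, reduced to a runnable illustration. This is an added example and not phpseclib's code: it computes an SSH-style packet MAC (HMAC over the 32-bit sequence number followed by the unencrypted packet, per RFC 4253), verifies it once with the short-circuiting `!=` that the advisory flags and once with `hash_equals()`, and then times both verifiers on long constructed strings so the first-byte versus last-byte gap becomes visible. The key, packet, lengths and iteration counts are all constructed for the demo, not taken from a real session or from the phpseclib source.

```php
<?php
declare(strict_types=1);
// Added example (not phpseclib's own code). Shows the CWE-208 pattern from the
// advisory, a `!=` MAC comparison that stops at the first differing byte, next to
// the hash_equals() fix, plus a benchmark that scales the input to expose the gap.

/**
 * MAC over an SSH binary packet as in RFC 4253 section 6.4:
 *   mac = HMAC(key, uint32 sequence_number || unencrypted_packet)
 */
function ssh_packet_mac(string $key, int $seqno, string $packet, string $algo = 'sha256'): string
{
    return hash_hmac($algo, pack('N', $seqno) . $packet, $key, true);
}

/**
 * Vulnerable pattern: for two non-numeric strings of equal length, `!=` ends in
 * memcmp(), which returns at the first mismatch, so the time leaks how many
 * leading bytes of $received were right.
 */
function verify_mac_variable_time(string $expected, string $received): bool
{
    if ($received != $expected) {
        return false;
    }
    return true;
}

/**
 * Fixed pattern: hash_equals() XOR-accumulates over every byte, so its running
 * time depends only on the length, never on where the first mismatch is.
 */
function verify_mac_constant_time(string $expected, string $received): bool
{
    return hash_equals($expected, $received);
}

/** Seconds spent running $verify($a, $b) $iterations times (hrtime is monotonic). */
function time_compare(callable $verify, string $a, string $b, int $iterations): float
{
    $start = hrtime(true);
    for ($i = 0; $i < $iterations; $i++) {
        $verify($a, $b);
    }
    return (hrtime(true) - $start) / 1e9;
}

// ---- constructed sample session data (not captured from a real SSH peer) ----
$key    = random_bytes(32);
$seqno  = 7;
$packet = random_bytes(64);

$good   = ssh_packet_mac($key, $seqno, $packet);
$forged = $good;
$forged[0] = chr(ord($forged[0]) ^ 0x01);   // flip one bit in the first MAC byte

// Both verifiers agree on accept/reject; only their timing behaviour differs.
if (!verify_mac_variable_time($good, $good) || !verify_mac_constant_time($good, $good)) {
    throw new RuntimeException('genuine MAC rejected');
}
if (verify_mac_variable_time($good, $forged) || verify_mac_constant_time($good, $forged)) {
    throw new RuntimeException('forged MAC accepted');
}

// Scale the comparison so the gap is measurable. A real 32-byte MAC differs by
// nanoseconds, which is why the advisory rates this Low; at 256 KiB the
// first-byte/last-byte gap of `!=` is obvious while hash_equals() stays flat.
$len        = 1 << 18;
$reference  = str_repeat("\x41", $len);
$diffFirst  = "\x42" . substr($reference, 1);
$diffLast   = substr($reference, 0, $len - 1) . "\x42";
$iterations = 1000;

$verifiers = [
    '!='          => 'verify_mac_variable_time',
    'hash_equals' => 'verify_mac_constant_time',
];
foreach ($verifiers as $label => $fn) {
    $tFirst = time_compare($fn, $reference, $diffFirst, $iterations);
    $tLast  = time_compare($fn, $reference, $diffLast, $iterations);
    printf(
        "%-12s mismatch at byte 0: %.4fs   mismatch at last byte: %.4fs   ratio %.1fx\n",
        $label,
        $tFirst,
        $tLast,
        $tFirst > 0 ? $tLast / $tFirst : INF
    );
}
```

Run it with `php demo.php` on PHP 7.3 or later (hrtime() and random_bytes() are both core). Expect the `!=` row to show a ratio well above 1 and the hash_equals row to sit near 1. Besides the timing issue, `!=` applies PHP's loose comparison rules, so two numeric-looking strings would be compared as numbers rather than as bytes; hash_equals() compares raw bytes, which is the other reason it is the right primitive for a MAC check.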
- Target: phpseclib/phpseclib
- File: phpseclib/Net/SSH2.php
- Lines (master e819a163c): 3405 and 3410
- CWE: CWE-208 (Observable Timing Discrepancy)
- CVSS v3.1: 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
- Severity: Low (cryptographic hygiene / defense-in-depth)
- Affected branches: master, 3.0, 2.0, 1.0 (all supported versions)
References
- github.com/advisories/GHSA-r854-jrxh-36qx
- github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
- github.com/phpseclib/phpseclib/releases/tag/1.0.28
- github.com/phpseclib/phpseclib/releases/tag/2.0.53
- github.com/phpseclib/phpseclib/releases/tag/3.0.51
- github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
- nvd.nist.gov/vuln/detail/CVE-2026-40194