CVE-2023-52892
X509.php did not properly escape regular expression special
characters in a certificate's subjectAltName, allowing a crafted
certificate to bypass hostname validation in validateURL().
CVE-2026-32935
The block cipher unpadding routine in Crypt/Base.php used a
short-circuiting comparison, creating a timing side channel that
could aid padding-oracle-style attacks.
CVE-2026-40194
The SSH2 implementation compared incoming packet HMACs using a
variable-time string comparison, creating a timing side channel
on cryptographic material.
CVE-2026-44167
The ASN.1 decoder's 4096-byte Object Identifier limit (mitigating
CVE-2024-27355) was still large enough to allow an "OID
amplification" denial of service via crafted ASN.1 structures.
CVE-2026-55599
File_X509 could automatically fetch a URL from a certificate's
Authority Information Access extension without validating the
destination, allowing SSRF via a crafted certificate.
Get the latest Linux and open source security news straight to your inbox.