[HIGH] phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

PKSA-km2b-zc3b-mjm3 CVE-2026-32935 GHSA-94g3-g5v7-q4jg

Affected package: phpseclib/phpseclib

Affected version: <=1.0.26|>=2.0.0,<=2.0.51|>=3.0.0,<=3.0.49

Reported by:
GitHub