LeakyCreds

CVE-2026-32313 - Vulnerability Analysis

Severity: High | CVSS: 8.2

Last Updated: March 17, 2026

xmlseclibs - Cryptographic Weakness

Published: March 16, 2026 | Updated: March 17, 2026 | PoC Available | Remote Exploitable

Overview

xmlseclibs prior to 3.1.5 contains a cryptographic vulnerability caused by a lack of authentication tag length validation in AES-GCM encrypted XML nodes. This lets attackers forge ciphertexts and decrypt nodes. Exploitation requires crafted encrypted XML nodes.

Severity & Score

Severity: High
CVSS Score: 8.2
EPSS Score: 2.5% (Probability of exploitation in next 30 days)

Impact

Attackers can decrypt encrypted XML nodes and forge ciphertexts without the encryption key, compromising confidentiality and integrity.

Mitigation

Update to version 3.1.5 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 16, 2026

🟠 CVE-2026-32313 - High (8.2) xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32313/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-32313
Severity: High
CVSS Score: 8.2
Type: weak_cryptography
Status: confirmed
EPSS: 2.5%
Social Posts: 1

CWE

  • CWE-354

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score

2.5% (Probability of exploitation in the next 30 days)