CVE-2026-32313 Overview
CVE-2026-32313 is a cryptographic vulnerability in xmlseclibs, a widely used PHP library for working with XML Encryption and XML Signatures. In versions prior to 3.1.5, XML nodes encrypted with the AES-GCM algorithms (aes-128-gcm, aes-192-gcm or aes-256-gcm) are decrypted without proper validation of the authentication tag length. This cryptographic weakness allows attackers to brute-force authentication tags, recover the GHASH key, and ultimately decrypt encrypted XML nodes without possessing the encryption key.
Critical Impact
Attackers can exploit this vulnerability to decrypt sensitive XML data and forge arbitrary ciphertexts without knowing the encryption key, potentially compromising authentication tokens, SAML assertions, and other cryptographically protected XML content.
Affected Products
- xmlseclibs versions prior to 3.1.5
- Applications using xmlseclibs for XML encryption with AES-GCM ciphers
- SAML implementations and XML-based authentication systems dependent on xmlseclibs
Discovery Timeline
- 2026-03-16 - CVE-2026-32313 published to NVD
- 2026-03-17 - Last updated in NVD database
Technical Details for CVE-2026-32313
Vulnerability Analysis
The vulnerability stems from improper cryptographic integrity checking in xmlseclibs when handling AES-GCM encrypted XML data. AES-GCM (Galois/Counter Mode) is an authenticated encryption mode that produces both ciphertext and an authentication tag. The authentication tag is critical for verifying that the ciphertext has not been tampered with and was produced by a party possessing the correct key.
In vulnerable versions of xmlseclibs, the library fails to validate that the authentication tag has the expected length before decrypting. This oversight enables a truncation attack in which an attacker submits ciphertexts with shortened authentication tags, dramatically reducing the brute-force space required to find a valid tag.
Root Cause
The root cause is the absence of length validation for the authentication tag extracted from encrypted XML data. The XMLSecurityKey.php component extracts the authentication tag from the end of the ciphertext data but does not verify that the extracted tag matches the expected length constant (AUTHTAG_LENGTH). Because PHP's substr() returns whatever bytes remain when the input is shorter than the requested length, a payload shorter than AUTHTAG_LENGTH silently yields a short tag instead of an error, and that short tag is then handed to openssl_decrypt(). This allows attackers to submit truncated tags that are easier to brute-force.
Attack Vector
This vulnerability is exploitable over the network without authentication. An attacker can intercept or obtain encrypted XML content and then craft malicious ciphertexts with truncated authentication tags. By systematically testing shortened tags, the attacker can:
- Brute-force valid authentication tags due to the reduced tag space
- Recover the GHASH key used in the GCM authentication process
- Decrypt the original encrypted XML nodes
- Forge arbitrary ciphertexts that will pass authentication validation
The following patch demonstrates the security fix implemented in version 3.1.5:
// obtain and remove the authentication tag
$offset = 0 - self::AUTHTAG_LENGTH;
$authTag = substr($data, $offset);
+ if (strlen($authTag) !== self::AUTHTAG_LENGTH) {
+ throw new Exception('Authentication tag length is invalid');
+ }
$data = substr($data, 0, $offset);
$decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA, $this->iv, $authTag);
} else {
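Review bot: the new `strlen($authTag) !== self::AUTHTAG_LENGTH` check sits in the right place, after `$authTag = substr($data, $offset);` and before `openssl_decrypt()`, and it also covers the case where `$data` is shorter than AUTHTAG_LENGTH, because `substr()` with an out-of-range negative offset returns the whole remaining string rather than failing. Two small follow-ups: the comment `// obtain and remove the authentication tag` above the hunk should state that the tag must be exactly AUTHTAG_LENGTH bytes so the check reads as intentional, and on PHP 7 the following `$data = substr($data, 0, $offset);` returns `false` rather than `''` when `$data` is shorter than the tag; the new check rejects that input first, so it is safe as ordered, but anyone moving these lines should keep the check ahead of it.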
Source: GitHub Commit
The fix adds explicit validation to ensure the authentication tag length matches the expected constant before proceeding with decryption, preventing truncation attacks.
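As an added example that is not xmlseclibs code, the following PHP 8 script mirrors the 3.1.5 check in a stand-alone helper and shows why the caller has to enforce the tag length itself: openssl_decrypt() accepts a GCM tag shorter than 16 bytes without complaint. The helper name gcmDecryptStrict and the sample key, IVs and plaintext are this example's own.

```php
<?php
// Added example, not xmlseclibs code. Stand-alone PHP 8 helper mirroring the
// 3.1.5 check: the trailing AUTHTAG_LENGTH bytes are the GCM tag and must be
// exactly that long before openssl_decrypt() sees them. gcmDecryptStrict and
// the sample values below are this example's own.
declare(strict_types=1);
const AUTHTAG_LENGTH = 16;            // full 128-bit GCM tag
const CIPHER         = 'aes-256-gcm'; // one of the affected algorithms

function gcmDecryptStrict(string $payload, string $key, string $iv): string
{
    // Same extraction as the library. If $payload is shorter than
    // AUTHTAG_LENGTH, substr() returns the whole payload as the "tag" and
    // leaves an empty ciphertext: that is the truncated-tag case.
    $authTag = substr($payload, -AUTHTAG_LENGTH);
    if (strlen($authTag) !== AUTHTAG_LENGTH) {
        throw new RuntimeException('Authentication tag length is invalid');
    }
    $ciphertext = substr($payload, 0, -AUTHTAG_LENGTH);
    $plain = openssl_decrypt($ciphertext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $authTag);
    if ($plain === false) {
        throw new RuntimeException('GCM authentication failed');
    }
    return $plain;
}

// --- constructed sample data, not captured traffic ---
$key = random_bytes(32);

// 1. Normal case: a full 16-byte tag round-trips through the helper.
$iv  = random_bytes(12);
$tag = '';
$ct  = openssl_encrypt('<a>hi</a>', CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
assert(gcmDecryptStrict($ct . $tag, $key, $iv) === '<a>hi</a>');

// 2. Why the check is needed: the OpenSSL layer verifies a 4-byte tag just as
//    readily (4 is the smallest tag_length openssl_encrypt() allows for GCM),
//    so without a caller-side length check a short tag is never rejected.
$iv4 = random_bytes(12);                       // fresh nonce, never reuse one
$shortTag = '';
$ct4 = openssl_encrypt('<a>hi</a>', CIPHER, $key, OPENSSL_RAW_DATA, $iv4, $shortTag, '', 4);
assert(strlen($shortTag) === 4);
assert(openssl_decrypt($ct4, CIPHER, $key, OPENSSL_RAW_DATA, $iv4, $shortTag) === '<a>hi</a>');

// 3. The strict helper refuses a payload that can only carry a short tag.
try {
    gcmDecryptStrict($shortTag, $key, $iv4);   // 4-byte payload, empty ciphertext
    echo "FAIL: short tag accepted\n";
} catch (RuntimeException $e) {
    echo 'OK: ', $e->getMessage(), "\n";       // Authentication tag length is invalid
}
```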
Detection Methods for CVE-2026-32313
Indicators of Compromise
- Unusual decryption failures or exceptions in XML processing logs that may indicate probing attempts
- High volumes of SAML or encrypted XML requests with varying payload sizes from single sources
- Application errors related to GCM authentication tag processing
- Evidence of modified or truncated encrypted XML payloads in traffic analysis
Detection Strategies
- Audit PHP application dependencies using Composer to identify xmlseclibs versions below 3.1.5
- Implement application-level logging for XML decryption operations to detect anomalous patterns
- Deploy Web Application Firewall (WAF) rules to inspect and flag malformed encrypted XML payloads
- Use Software Composition Analysis (SCA) tools to continuously monitor for vulnerable library versions
Monitoring Recommendations
- Enable detailed logging for all XML encryption and decryption operations in affected applications
- Monitor for spikes in authentication or decryption failures that could indicate exploitation attempts
- Configure alerts for unusual patterns in encrypted XML traffic size distributions
- Review application security logs for exception messages related to authentication tag processing
How to Mitigate CVE-2026-32313
Immediate Actions Required
- Upgrade xmlseclibs to version 3.1.5 or later immediately using Composer: composer update robrichards/xmlseclibs
- Audit all applications using xmlseclibs to ensure they are using the patched version
- Review any encrypted XML data that may have been exposed and consider key rotation
- If immediate upgrade is not possible, temporarily disable AES-GCM cipher support in favor of alternative encryption modes
Patch Information
The vulnerability is fixed in xmlseclibs version 3.1.5. The fix was merged via GitHub Commit 03062be78178cbb5e8f605cd255dc32a14981f92 and adds proper authentication tag length validation. The complete release is available at the GitHub Release Tag 3.1.5. For additional details, consult the GitHub Security Advisory GHSA-4v26-v6cg-g6f9.
Workarounds
- Temporarily switch to non-GCM encryption algorithms (e.g., aes-128-cbc, aes-256-cbc) until upgrade is complete
- Implement additional application-layer validation for encrypted XML payload sizes and structure
- Apply network-level filtering to reject encrypted XML payloads with unexpected sizes
- Consider deploying a reverse proxy or WAF with custom rules to validate authentication tag lengths before they reach the application
# Upgrade xmlseclibs to patched version
composer require robrichards/xmlseclibs:^3.1.5
# Verify installed version
composer show robrichards/xmlseclibs | grep versions
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.