CVE-2026-54736 - Phalcon: Non-constant-time HMAC verification in `Encryption\Crypt::decrypt` (timing side-channel)
CVE ID :CVE-2026-54736 Published : July 10, 2026, 10:16 p.m. | 16 minutes ago Description :Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir...