Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AV:N and PR:N are clear; AC:H reflects the need to observe multiple CAPTCHA outputs to reconstruct rand() seed before prediction succeeds.
Primary rating from Vendor (CPANSec).
CVSS VectorVendor: CPANSec
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets.
The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string.
The built-in rand function is unsuitable for security applications because it is predictable and reversible.
AnalysisAI
CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target Perl application uses GD::SecurityImage versions 0 through 1.75 to generate CAPTCHA challenges presented over a network interface. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N reflects a moderate-severity integrity issue with no authentication barrier and low complexity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker targeting a Perl web application protected by GD::SecurityImage submits multiple requests to observe a sequence of CAPTCHA challenge strings, then uses the known-weak rand() PRNG algorithm to reconstruct the internal seed state. With the seed recovered, the attacker predicts all subsequent CAPTCHA tokens and scripts automated form submissions - for example, bulk account registrations or credential stuffing - without triggering the CAPTCHA defense. … |
| Remediation | A patch file has been published by the vendor through the MetaCPAN security team at https://security.metacpan.org/patches/G/GD-SecurityImage/1.75/CVE-2026-13082-r1.patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45169
GHSA-p496-rgmp-v9mg