What is the CVSS score of CVE-2026-47372?

CVE-2026-47372 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Crypt::SaltedHash are affected by CVE-2026-47372?

Crypt::SaltedHash through version 0.09 uses weak password salts that enable efficient offline attacks against stolen credential databases.. A patch is available.

How to fix or mitigate CVE-2026-47372?

24 hours: Identify all systems and applications using Crypt::SaltedHash and document current versions. 7 days: Upgrade Crypt::SaltedHash to version 0.10 on all affected systems and verify functionality. 30 days: Evaluate credential re-hashing feasibility; consider forced password reset for high-value accounts if database breach is confirmed or suspected.

Crypt::SaltedHash CVE-2026-47372

EUVD-2026-31198 CRITICAL

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)

2026-05-20 9b29abf9-4ab0-4765-b253-1875cd9b441e

GHSA-h295-pfx3-r298

Information Disclosure Suse

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 15:22 vuln.today

Analysis Generated

May 21, 2026 - 15:22 vuln.today

CVSS changed

May 21, 2026 - 15:22 NVD

9.1 (CRITICAL)

CVE Published

May 20, 2026 - 22:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.

These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

AnalysisAI

Predictable salt generation in the Perl module Crypt::SaltedHash through version 0.09 weakens password hash storage by deriving salts from Perl's non-cryptographic rand() function. Attackers who obtain a salted hash database can predict or precompute salts, dramatically reducing the cost of offline brute-force or rainbow-table attacks against stored credentials. …

RemediationAI

24 hours: Identify all systems and applications using Crypt::SaltedHash and document current versions. 7 days: Upgrade Crypt::SaltedHash to version 0.10 on all affected systems and verify functionality. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-47372 vulnerability details – vuln.today

Back

Crypt::SaltedHash CVE-2026-47372

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code