Skip to main content

Crypt CVE-2026-5086

| EUVDEUVD-2026-22136 HIGH
Observable Timing Discrepancy (CWE-208)
2026-04-13 CPANSec
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Patch released
Apr 17, 2026 - 15:18 nvd
Patch available
Patch available
Apr 16, 2026 - 05:29 EUVD
0.019
CVSS changed
Apr 15, 2026 - 20:22 NVD
7.5 (HIGH)
EUVD ID Assigned
Apr 13, 2026 - 23:00 euvd
EUVD-2026-22136
CVE Published
Apr 13, 2026 - 22:54 nvd
HIGH 7.5

DescriptionCVE.org

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.

For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

Analysis

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Crypt

View all
CVE-2026-30909 CRITICAL
9.8 Mar 08

Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could wea

CVE-2026-2588 CRITICAL
9.1 Feb 23

Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts

CVE-2026-9265 CRITICAL
9.1 Jun 20

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_

CVE-2026-2597 HIGH
7.5 Feb 27

Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length param

CVE-2026-30910 HIGH
7.5 Mar 08

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined

CVE-2026-6659 HIGH
7.5 May 08

Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable rand

CVE-2026-9638 HIGH
7.5 Jun 12

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength

CVE-2026-8704 MEDIUM
6.5 May 15

File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controll

CVE-2026-8463 MEDIUM
5.3 May 13

Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash o

CVE-2026-9641 MEDIUM
5.3 Jun 12

Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the

CVE-2026-14570
Jul 05

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, lead

CVE-2024-58040 CRITICAL
9.1 Sep 30

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Rated critical severity (

Share

CVE-2026-5086 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy