What is the CVSS score of CVE-2026-5091?

CVE-2026-5091 has a CVSS 3.x base score of 5.1 (N/A). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-5091?

Yes, a patch is available for CVE-2026-5091. Update the affected software to the latest version immediately.

Catalyst CVE-2026-5091

EUVD-2026-31353

Observable Timing Discrepancy (CWE-208)

2026-05-21 CPANSec

GHSA-37jv-v9vv-wxwv

Information Disclosure Catalyst

5.1

CVSS

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

CVE Published

May 21, 2026 - 21:07 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.

These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

Analysis

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5091 vulnerability details – vuln.today

Back

Catalyst CVE-2026-5091

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Full analysis requires sign-in

Share

External POC / Exploit Code