What is the CVSS score of CVE-2026-8700?

CVE-2026-8700 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Crypt::DSA are affected by CVE-2026-8700?

Crypt::DSA for Perl versions before 1.20 use cryptographically weak random number generation, rendering all generated DSA keys cryptographically untrustworthy.. A patch is available.

Crypt::DSA CVE-2026-8700

EUVD-2026-30666 HIGH

Insufficient Entropy (CWE-331)

2026-05-15 9b29abf9-4ab0-4765-b253-1875cd9b441e

GHSA-r2q3-hjc8-7x6q

Information Disclosure

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

May 18, 2026 - 16:22 vuln.today

CVSS changed

May 18, 2026 - 16:22 NVD

7.3 (HIGH)

Patch available

May 15, 2026 - 23:02 EUVD

CVE Published

May 15, 2026 - 22:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Crypt::DSA versions before 1.20 for Perl generate seeds using rand.

Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

AnalysisAI

Cryptographic weakness in Crypt::DSA for Perl versions before 1.20 allows remote attackers to predict DSA key material because seeds are generated with Perl's built-in rand() function instead of a cryptographically secure random source. Any DSA keys, signatures, or nonces produced by affected versions may be recoverable through brute-force or statistical analysis of the predictable PRNG state. …

RemediationAI

Within 24 hours: Identify all systems running Crypt::DSA versions prior to 1.20 and document which applications depend on DSA key generation. Within 7 days: Upgrade all affected instances to Crypt::DSA 1.20 or later and initiate forensic analysis of DSA keys and signatures generated during the vulnerable period. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8700 vulnerability details – vuln.today

Back