Skip to main content

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

128 CVEs Avg CVSS 7.5 MITRE
30
CRITICAL
61
HIGH
34
MEDIUM
3
LOW
28
POC
0
KEV

Monthly

CVE-2026-61500 CRITICAL PATCH Act Now

Administrator session forgery in Rejetto HFS (HTTP File Server) versions 3.0.0 through 3.2.0 lets a remote unauthenticated attacker derive the server's session-cookie signing key. Because HFS seeds that key from JavaScript's non-cryptographic Math.random() and simultaneously leaks outputs of the same generator to clients during login, an attacker can sample a few login responses, reconstruct the PRNG state, and mint a valid admin cookie - yielding full administrative control and remote code execution through the server_code configuration feature. No public exploit is identified at time of analysis, but the flaw was reported by VulnCheck/Horizon3.ai and a vendor patch (v3.2.1) exists.

RCE Hfs
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-14495 HIGH This Week

Authentication bypass in the DoLogin Security plugin for WordPress (all versions through 4.3) lets remote attackers forge passwordless magic-link tokens and log in as any user, including administrators. The 32-character token is generated by seeding the Mersenne Twister PRNG (mt_srand) with a value derived from microtime() that carries only ~20 bits of entropy, so the entire token is a deterministic function of a ~10^6-value seed space that can be brute-forced offline. No public exploit identified at time of analysis, but the flaw was reported by Wordfence and the vulnerable code paths are cited directly in the WordPress plugin repository.

WordPress Authentication Bypass Dologin Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-44040 MEDIUM This Month

UltraVNC through 1.8.2.2 exposes a cryptographically weak VNC authentication challenge generator that an attacker can predict by observing network traffic and enumerating a roughly 31-bit seed space derived from wall-clock time and process ID. Successful seed reconstruction allows the attacker to forge or brute-force valid VNC authentication responses, effectively bypassing the RFB challenge-response mechanism and gaining unauthorized remote desktop access. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in the CISA KEV catalog; however, the mathematical basis for exploitation is straightforward given the small seed space.

Microsoft Information Disclosure Ultravnc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-7874 CRITICAL PATCH Act Now

Credential disclosure in IBM Langflow OSS versions 1.0.0 through 1.10.0 stems from a weak, reversible key-derivation mechanism used to protect secrets encrypted at rest, allowing an attacker who can reach the stored credential data to recover the encryption key and decrypt every stored credential. Because Langflow stores API keys, database connection strings, and third-party service tokens used by AI workflow components, recovery of these secrets gives an attacker the keys to all integrated systems. There is no public exploit identified at time of analysis, no CISA KEV listing, and no EPSS score supplied, so the threat is currently theoretical but high-impact, and IBM (the reporter) has released a fix.

IBM Information Disclosure Langflow Oss
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-57082 MEDIUM This Month

MSE Diffie-Hellman key exchange in Net::BitTorrent (Perl, all versions through 2.0.1) is rendered cryptographically transparent to passive network observers because Perl's non-cryptographic rand() function generates the 160-bit DH private key in KeyExchange.pm, and the same PRNG sequence simultaneously produces cleartext random padding transmitted during the same handshake. A passive eavesdropper who captures the handshake can recover the drand48 PRNG state from the observable padding bytes, reconstruct the private key, derive the RC4 session keys, and fully decrypt the MSE-encrypted stream - completely defeating the passive-observation obfuscation MSE is designed to provide. No public exploit has been identified at time of analysis, but the recovery is deterministic and requires only standard number theory once the handshake is captured.

Information Disclosure Net
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-56141 CRITICAL PATCH Act Now

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. Remote unauthenticated attackers can guess or predict the restore codes used for account recovery, enabling them to seize control of arbitrary user accounts. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects the high impact of full account compromise across an identity management platform.

Information Disclosure Hub
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-11832 CRITICAL PATCH Act Now

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Information Disclosure Dancer2 Suse
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-9638 HIGH PATCH This Week

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.

Information Disclosure Crypt Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46493 HIGH PATCH This Week

Weak cryptographic salt generation in HAX CMS (haxcms-php) versions prior to 26.0.1 allows remote unauthenticated attackers to predict or recover salt values used during installation and authentication-related operations. The flaw stems from using PHP's uniqid() - a timestamp-based, non-cryptographic function - as a randomness source (CWE-338). No public exploit has been identified at time of analysis and the CVE is not on CISA KEV.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41858 HIGH PATCH This Week

Predictable password generation in Cloud Foundry's BOSH windows-utilities-release (versions prior to v0.23.0) allows remote attackers to recover the local Administrator password set by the randomize_password job. The Get-RandomPassword routine seeds its PRNG from system clock state, so an attacker who can estimate VM boot time can reduce the search space to a small candidate list and brute-force the credential, defeating the hardening control that was supposed to lock down the account. No public exploit identified at time of analysis, but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/C:H) reflects the realistic recoverability of high-value Administrator credentials over the network.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Administrator session forgery in Rejetto HFS (HTTP File Server) versions 3.0.0 through 3.2.0 lets a remote unauthenticated attacker derive the server's session-cookie signing key. Because HFS seeds that key from JavaScript's non-cryptographic Math.random() and simultaneously leaks outputs of the same generator to clients during login, an attacker can sample a few login responses, reconstruct the PRNG state, and mint a valid admin cookie - yielding full administrative control and remote code execution through the server_code configuration feature. No public exploit is identified at time of analysis, but the flaw was reported by VulnCheck/Horizon3.ai and a vendor patch (v3.2.1) exists.

RCE Hfs
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authentication bypass in the DoLogin Security plugin for WordPress (all versions through 4.3) lets remote attackers forge passwordless magic-link tokens and log in as any user, including administrators. The 32-character token is generated by seeding the Mersenne Twister PRNG (mt_srand) with a value derived from microtime() that carries only ~20 bits of entropy, so the entire token is a deterministic function of a ~10^6-value seed space that can be brute-forced offline. No public exploit identified at time of analysis, but the flaw was reported by Wordfence and the vulnerable code paths are cited directly in the WordPress plugin repository.

WordPress Authentication Bypass Dologin Security
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

UltraVNC through 1.8.2.2 exposes a cryptographically weak VNC authentication challenge generator that an attacker can predict by observing network traffic and enumerating a roughly 31-bit seed space derived from wall-clock time and process ID. Successful seed reconstruction allows the attacker to forge or brute-force valid VNC authentication responses, effectively bypassing the RFB challenge-response mechanism and gaining unauthorized remote desktop access. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in the CISA KEV catalog; however, the mathematical basis for exploitation is straightforward given the small seed space.

Microsoft Information Disclosure Ultravnc
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Credential disclosure in IBM Langflow OSS versions 1.0.0 through 1.10.0 stems from a weak, reversible key-derivation mechanism used to protect secrets encrypted at rest, allowing an attacker who can reach the stored credential data to recover the encryption key and decrypt every stored credential. Because Langflow stores API keys, database connection strings, and third-party service tokens used by AI workflow components, recovery of these secrets gives an attacker the keys to all integrated systems. There is no public exploit identified at time of analysis, no CISA KEV listing, and no EPSS score supplied, so the threat is currently theoretical but high-impact, and IBM (the reporter) has released a fix.

IBM Information Disclosure Langflow Oss
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

MSE Diffie-Hellman key exchange in Net::BitTorrent (Perl, all versions through 2.0.1) is rendered cryptographically transparent to passive network observers because Perl's non-cryptographic rand() function generates the 160-bit DH private key in KeyExchange.pm, and the same PRNG sequence simultaneously produces cleartext random padding transmitted during the same handshake. A passive eavesdropper who captures the handshake can recover the drand48 PRNG state from the observable padding bytes, reconstruct the private key, derive the RC4 session keys, and fully decrypt the MSE-encrypted stream - completely defeating the passive-observation obfuscation MSE is designed to provide. No public exploit has been identified at time of analysis, but the recovery is deterministic and requires only standard number theory once the handshake is captured.

Information Disclosure Net
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. Remote unauthenticated attackers can guess or predict the restore codes used for account recovery, enabling them to seize control of arbitrary user accounts. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects the high impact of full account compromise across an identity management platform.

Information Disclosure Hub
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Information Disclosure Dancer2 Suse
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.

Information Disclosure Crypt Suse
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Weak cryptographic salt generation in HAX CMS (haxcms-php) versions prior to 26.0.1 allows remote unauthenticated attackers to predict or recover salt values used during installation and authentication-related operations. The flaw stems from using PHP's uniqid() - a timestamp-based, non-cryptographic function - as a randomness source (CWE-338). No public exploit has been identified at time of analysis and the CVE is not on CISA KEV.

PHP Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Predictable password generation in Cloud Foundry's BOSH windows-utilities-release (versions prior to v0.23.0) allows remote attackers to recover the local Administrator password set by the randomize_password job. The Get-RandomPassword routine seeds its PRNG from system clock state, so an attacker who can estimate VM boot time can reduce the search space to a small candidate list and brute-force the credential, defeating the hardening control that was supposed to lock down the account. No public exploit identified at time of analysis, but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/C:H) reflects the realistic recoverability of high-value Administrator credentials over the network.

Information Disclosure Microsoft
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy