Skip to main content

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

130 CVEs Avg CVSS 7.4 MITRE
31
CRITICAL
61
HIGH
35
MEDIUM
3
LOW
28
POC
0
KEV

Monthly

CVE-2026-13082 MEDIUM PATCH This Month

CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. No public exploit code or active exploitation is identified at time of analysis, but the low attack complexity and the clear exploit path make this a practical integrity risk for deployed instances.

Information Disclosure Gd
NVD VulDB
CVSS 3.1
5.3
CVE-2026-63089 CRITICAL PATCH Act Now

Peer credential disclosure in WireGuard Easy (wg-easy) through 15.3.0 lets unauthenticated network attackers recover a client's WireGuard PrivateKey and PresharedKey by brute-forcing the one-time configuration link. Because the OTL token is derived from CRC32 over a random value bounded to 0-999, an attacker faces at most 1000 candidate tokens per client ID against the unauthenticated /cnf/:oneTimeLink route, which had no rate limiting and did not enforce token expiration. There is no public exploit identified at time of analysis, but the small keyspace makes exploitation trivial once a valid link is active; the flaw was reported by VulnCheck and is fixed upstream.

Information Disclosure Wg Easy
NVD GitHub
CVSS 4.0
9.0
EPSS
0.2%
CVE-2026-61500 CRITICAL PATCH Act Now

Administrator session forgery in Rejetto HFS (HTTP File Server) versions 3.0.0 through 3.2.0 lets a remote unauthenticated attacker derive the server's session-cookie signing key. Because HFS seeds that key from JavaScript's non-cryptographic Math.random() and simultaneously leaks outputs of the same generator to clients during login, an attacker can sample a few login responses, reconstruct the PRNG state, and mint a valid admin cookie - yielding full administrative control and remote code execution through the server_code configuration feature. No public exploit is identified at time of analysis, but the flaw was reported by VulnCheck/Horizon3.ai and a vendor patch (v3.2.1) exists.

RCE Hfs
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-14495 HIGH This Week

Authentication bypass in the DoLogin Security plugin for WordPress (all versions through 4.3) lets remote attackers forge passwordless magic-link tokens and log in as any user, including administrators. The 32-character token is generated by seeding the Mersenne Twister PRNG (mt_srand) with a value derived from microtime() that carries only ~20 bits of entropy, so the entire token is a deterministic function of a ~10^6-value seed space that can be brute-forced offline. No public exploit identified at time of analysis, but the flaw was reported by Wordfence and the vulnerable code paths are cited directly in the WordPress plugin repository.

WordPress Authentication Bypass Dologin Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-44040 MEDIUM This Month

UltraVNC through 1.8.2.2 exposes a cryptographically weak VNC authentication challenge generator that an attacker can predict by observing network traffic and enumerating a roughly 31-bit seed space derived from wall-clock time and process ID. Successful seed reconstruction allows the attacker to forge or brute-force valid VNC authentication responses, effectively bypassing the RFB challenge-response mechanism and gaining unauthorized remote desktop access. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in the CISA KEV catalog; however, the mathematical basis for exploitation is straightforward given the small seed space.

Microsoft Information Disclosure Ultravnc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-7874 CRITICAL PATCH Act Now

Credential disclosure in IBM Langflow OSS versions 1.0.0 through 1.10.0 stems from a weak, reversible key-derivation mechanism used to protect secrets encrypted at rest, allowing an attacker who can reach the stored credential data to recover the encryption key and decrypt every stored credential. Because Langflow stores API keys, database connection strings, and third-party service tokens used by AI workflow components, recovery of these secrets gives an attacker the keys to all integrated systems. There is no public exploit identified at time of analysis, no CISA KEV listing, and no EPSS score supplied, so the threat is currently theoretical but high-impact, and IBM (the reporter) has released a fix.

IBM Information Disclosure Langflow Oss
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-57082 MEDIUM This Month

MSE Diffie-Hellman key exchange in Net::BitTorrent (Perl, all versions through 2.0.1) is rendered cryptographically transparent to passive network observers because Perl's non-cryptographic rand() function generates the 160-bit DH private key in KeyExchange.pm, and the same PRNG sequence simultaneously produces cleartext random padding transmitted during the same handshake. A passive eavesdropper who captures the handshake can recover the drand48 PRNG state from the observable padding bytes, reconstruct the private key, derive the RC4 session keys, and fully decrypt the MSE-encrypted stream - completely defeating the passive-observation obfuscation MSE is designed to provide. No public exploit has been identified at time of analysis, but the recovery is deterministic and requires only standard number theory once the handshake is captured.

Information Disclosure Net
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-56141 CRITICAL PATCH Act Now

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. Remote unauthenticated attackers can guess or predict the restore codes used for account recovery, enabling them to seize control of arbitrary user accounts. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects the high impact of full account compromise across an identity management platform.

Information Disclosure Hub
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-11832 CRITICAL PATCH Act Now

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Information Disclosure Dancer2 Suse
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-9638 HIGH PATCH This Week

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.

Information Disclosure Crypt Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVSS 5.3
MEDIUM PATCH This Month

CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. No public exploit code or active exploitation is identified at time of analysis, but the low attack complexity and the clear exploit path make this a practical integrity risk for deployed instances.

Information Disclosure Gd
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Peer credential disclosure in WireGuard Easy (wg-easy) through 15.3.0 lets unauthenticated network attackers recover a client's WireGuard PrivateKey and PresharedKey by brute-forcing the one-time configuration link. Because the OTL token is derived from CRC32 over a random value bounded to 0-999, an attacker faces at most 1000 candidate tokens per client ID against the unauthenticated /cnf/:oneTimeLink route, which had no rate limiting and did not enforce token expiration. There is no public exploit identified at time of analysis, but the small keyspace makes exploitation trivial once a valid link is active; the flaw was reported by VulnCheck and is fixed upstream.

Information Disclosure Wg Easy
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Administrator session forgery in Rejetto HFS (HTTP File Server) versions 3.0.0 through 3.2.0 lets a remote unauthenticated attacker derive the server's session-cookie signing key. Because HFS seeds that key from JavaScript's non-cryptographic Math.random() and simultaneously leaks outputs of the same generator to clients during login, an attacker can sample a few login responses, reconstruct the PRNG state, and mint a valid admin cookie - yielding full administrative control and remote code execution through the server_code configuration feature. No public exploit is identified at time of analysis, but the flaw was reported by VulnCheck/Horizon3.ai and a vendor patch (v3.2.1) exists.

RCE Hfs
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authentication bypass in the DoLogin Security plugin for WordPress (all versions through 4.3) lets remote attackers forge passwordless magic-link tokens and log in as any user, including administrators. The 32-character token is generated by seeding the Mersenne Twister PRNG (mt_srand) with a value derived from microtime() that carries only ~20 bits of entropy, so the entire token is a deterministic function of a ~10^6-value seed space that can be brute-forced offline. No public exploit identified at time of analysis, but the flaw was reported by Wordfence and the vulnerable code paths are cited directly in the WordPress plugin repository.

WordPress Authentication Bypass Dologin Security
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

UltraVNC through 1.8.2.2 exposes a cryptographically weak VNC authentication challenge generator that an attacker can predict by observing network traffic and enumerating a roughly 31-bit seed space derived from wall-clock time and process ID. Successful seed reconstruction allows the attacker to forge or brute-force valid VNC authentication responses, effectively bypassing the RFB challenge-response mechanism and gaining unauthorized remote desktop access. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in the CISA KEV catalog; however, the mathematical basis for exploitation is straightforward given the small seed space.

Microsoft Information Disclosure Ultravnc
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Credential disclosure in IBM Langflow OSS versions 1.0.0 through 1.10.0 stems from a weak, reversible key-derivation mechanism used to protect secrets encrypted at rest, allowing an attacker who can reach the stored credential data to recover the encryption key and decrypt every stored credential. Because Langflow stores API keys, database connection strings, and third-party service tokens used by AI workflow components, recovery of these secrets gives an attacker the keys to all integrated systems. There is no public exploit identified at time of analysis, no CISA KEV listing, and no EPSS score supplied, so the threat is currently theoretical but high-impact, and IBM (the reporter) has released a fix.

IBM Information Disclosure Langflow Oss
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

MSE Diffie-Hellman key exchange in Net::BitTorrent (Perl, all versions through 2.0.1) is rendered cryptographically transparent to passive network observers because Perl's non-cryptographic rand() function generates the 160-bit DH private key in KeyExchange.pm, and the same PRNG sequence simultaneously produces cleartext random padding transmitted during the same handshake. A passive eavesdropper who captures the handshake can recover the drand48 PRNG state from the observable padding bytes, reconstruct the private key, derive the RC4 session keys, and fully decrypt the MSE-encrypted stream - completely defeating the passive-observation obfuscation MSE is designed to provide. No public exploit has been identified at time of analysis, but the recovery is deterministic and requires only standard number theory once the handshake is captured.

Information Disclosure Net
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. Remote unauthenticated attackers can guess or predict the restore codes used for account recovery, enabling them to seize control of arbitrary user accounts. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects the high impact of full account compromise across an identity management platform.

Information Disclosure Hub
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Information Disclosure Dancer2 Suse
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.

Information Disclosure Crypt Suse
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy