Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.
PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications.
This modules does not use the Crypt::URandom module, and installing it will not fix the problem.
The random bytes are used for generating an initialisation vector (IV) to encrypt the cookie.
A predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie.
AnalysisAI
PAGI::Middleware::Session::Store::Cookie through version 0.001003 generates cryptographically weak initialization vectors (IVs) for session cookie encryption by falling back to Perl's built-in rand() function when /dev/urandom is unavailable, particularly affecting Windows systems. This predictable IV generation enables attackers to decrypt and tamper with session data stored in cookies, compromising session confidentiality and integrity. No active exploitation has been confirmed, but the vulnerability affects all deployments on systems lacking /dev/urandom access.
Technical ContextAI
PAGI::Middleware::Session::Store::Cookie is a Perl module that manages HTTP session storage via encrypted cookies. The module attempts to source random bytes from /dev/urandom for generating IVs used in cookie encryption (AES or similar block cipher modes). When /dev/urandom fails-a condition that occurs by design on Windows and some other non-Unix systems-the module falls back to Perl's built-in rand() function, which is seeded by the process ID and current time. This produces deterministic, predictable output unsuitable for cryptographic purposes (CWE-338: Use of Insufficiently Random Values). The IV is critical because it ensures identical plaintext produces different ciphertext across sessions; a predictable IV allows an attacker to recognize encrypted patterns and potentially recover session data through cryptanalysis or brute-force decryption.
RemediationAI
Upgrade PAGI::Middleware::Session::Store::Cookie to version 0.001004 or later, which addresses the weak random number generation. To apply the patch, execute 'cpan PAGI::Middleware::Session::Store::Cookie' or use your Perl package manager (e.g., 'apt install libpagi-middleware-session-store-cookie-perl' on Debian-based systems). Verify the installed version with 'perl -MPAGI::Middleware::Session::Store::Cookie -e 'print $PAGI::Middleware::Session::Store::Cookie::VERSION' and confirm it is 0.001004 or higher. No workaround is available for older versions; upgrading is mandatory. See CPAN release notes at https://metacpan.org/release/JJNAPIORK/PAGI-Middleware-Session-Store-Cookie-0.001004/changes for patch details.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17531
GHSA-r6mr-wmgj-f864