What is the CVSS score of EUVD-2026-31196?

EUVD-2026-31196 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Crypt::SaltedHash are affected by EUVD-2026-31196?

Crypt::SaltedHash module versions through 0.09 contain a timing side-channel vulnerability that enables password hash recovery, affecting any Perl-based system using the module for credential…. A patch is available.

Crypt::SaltedHash EUVD-2026-31196

| CVE-2026-47373 HIGH

Observable Timing Discrepancy (CWE-208)

2026-05-20 9b29abf9-4ab0-4765-b253-1875cd9b441e

GHSA-mjc4-qqxc-7h36

Information Disclosure Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 15:22 vuln.today

Analysis Generated

May 21, 2026 - 15:22 vuln.today

CVSS changed

May 21, 2026 - 15:22 NVD

7.5 (HIGH)

CVE Published

May 20, 2026 - 21:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.

These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.

AnalysisAI

Timing side-channel in the Perl module Crypt::SaltedHash through version 0.09 allows remote attackers to recover stored password hashes by measuring response-time discrepancies during hash validation. The flaw stems from use of Perl's short-circuiting eq operator inside the validate() routine, enabling byte-by-byte hash inference. …

RemediationAI

Within 24 hours: Identify all systems and applications using Crypt::SaltedHash and document their current versions. Within 7 days: Upgrade all affected systems to Crypt::SaltedHash version 0.10 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

EUVD-2026-31196 vulnerability details – vuln.today

Back

Crypt::SaltedHash EUVD-2026-31196

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code