Crypt::PBKDF2 (EUVD-2026-36456)

CVE-2026-9638 | HIGH
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-06-12 | CPANSec | GHSA-3rw7-pf56-37cv
CVSS 3.1: 7.5 (Vendor: CPANSec)

Severity by source

Vendor (CPANSec), PRIMARY: 7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

vuln.today AI: 2.9 LOW
Exploitation requires prior possession of leaked hashes and PRNG-state reconstruction (AV:L, AC:H); only partial credential recovery affects confidentiality (C:L), with no integrity or availability impact.
CVSS 3.1: AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 4.0: AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

SUSE: HIGH (qualitative)

Primary rating from Vendor (CPANSec).

CVSS Vector (Vendor: CPANSec)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (4 events)

Jun 12, 2026 - 18:22 (vuln.today): Analysis Generated
Jun 12, 2026 - 18:22 (NVD): CVSS changed, 7.5 (HIGH)
Jun 12, 2026 - 17:01 (EUVD): Patch available
Jun 12, 2026 - 14:41 (cve.org): CVE Published, UNKNOWN (no severity yet)

Description (CVE.org)

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts.

These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

Analysis (AI)

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Compromise database containing PBKDF2 hashes
Delivery: Extract stored salt values
Exploit: Reconstruct Perl rand() PRNG state
Execution: Precompute PBKDF2 candidates for common passwords
Persist: Match precomputed hashes against stolen records
Impact: Recover plaintext credentials at scale

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that (1) the target application stores password hashes produced by Crypt::PBKDF2 before 0.261630 using the module's default/internal salt generation rather than caller-supplied salts, and (2) the attacker has already obtained those stored hashes through a separate compromise (database leak, backup theft, SQL injection). …
Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/C:H/I:N/A:N, 7.5 High) reflects confidentiality impact only and appears overstated for this issue: predictable salts do not directly expose plaintext data over the network - they degrade the offline brute-force resistance of stored hashes that an attacker has already obtained through some other means. …
Exploit Scenario: An attacker who obtains a dump of a password database hashed with a vulnerable Crypt::PBKDF2 version (for example via SQL injection or a backup leak) recovers or narrows the per-row salts by reconstructing the state of Perl's rand() PRNG from the sequence of stored salts. With predictable salts, the attacker can precompute PBKDF2 hashes for common passwords once and reuse the work across many accounts, or build a targeted rainbow table - dramatically reducing the cost of offline cracking compared to a properly random salt. …
Remediation: Vendor-released patch: 0.261630 - upgrade the Crypt::PBKDF2 CPAN distribution to version 0.261630 or later (see https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.261630/changes and the oss-security advisory at https://seclists.org/oss-sec/2026/q2/899). …
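
A check for the exploitation condition and remediation described above, as an added example (not code from this page or from the Crypt::PBKDF2 project): it reports whether the loaded module predates 0.261630 and hashes with a caller-supplied salt read from the OS CSPRNG instead of the module's internal salt generation. The /dev/urandom path, the hash parameters and the sample password are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::PBKDF2;

# First fixed release, as named in the advisory.
my $FIXED = '0.261630';

# Read $len bytes from the kernel CSPRNG (assumes a Unix-like /dev/urandom).
sub csprng_bytes {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!\n";
    my $got = read($fh, my $buf, $len);
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == $len;
    return $buf;
}

# UNIVERSAL::VERSION dies when the loaded module is older than its argument.
my $patched = eval { Crypt::PBKDF2->VERSION($FIXED); 1 } ? 1 : 0;
printf "Crypt::PBKDF2 %s: %s\n",
    Crypt::PBKDF2->VERSION // 'unknown',
    $patched ? 'salt generation fixed'
             : "older than $FIXED, internal salts come from rand()";

# Illustrative parameters (assumptions); tune the cost for your hardware.
my $pbkdf2 = Crypt::PBKDF2->new(
    hash_class => 'HMACSHA2',
    iterations => 100_000,
    salt_len   => 16,
);

my $password = 'correct horse battery staple';   # constructed sample input

# A salt passed as the second argument is used as-is, so the module's
# internal salt generation is never reached, even on an unpatched version.
my $hash = $pbkdf2->generate($password, csprng_bytes(16));
print "$hash\n";
print $pbkdf2->validate($hash, $password) ? "validates\n" : "MISMATCH\n";
```

Hashes already stored with module-generated salts on a version before 0.261630 keep those salts until each password is rehashed.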

Recommended Action (AI)

Within 24 hours: Audit all applications and systems using the Crypt::PBKDF2 module to identify scope and criticality. …

Vendor Status (Vendor)

SUSE
Severity: Important
Product Status: openSUSE Tumbleweed, Fixed
