Skip to main content

Gd

1 CVEs product

Monthly

CVE-2026-13082 MEDIUM PATCH This Month

CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. No public exploit code or active exploitation is identified at time of analysis, but the low attack complexity and the clear exploit path make this a practical integrity risk for deployed instances.

Information Disclosure Gd
NVD VulDB
CVSS 3.1
5.3
CVSS 5.3
MEDIUM PATCH This Month

CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. No public exploit code or active exploitation is identified at time of analysis, but the low attack complexity and the clear exploit path make this a practical integrity risk for deployed instances.

Information Disclosure Gd
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy