CVE-2026-5091
Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks
Published: 2026-05-21 · Last updated: 2026-05-22
Severity and scoring
- CWE: CWE-208
Description
Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password.
Source: NVD
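The comparison pattern described above, next to a timing-independent alternative, as an added example that is not code from Catalyst::Plugin::Authentication or from its fix. The names leaky_check, constant_time_check and $BLIND_KEY are hypothetical, the sample values are constructed, and the script assumes /dev/urandom is available.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256 sha256_hex);

# Random per-process key for the blinding HMAC (assumes /dev/urandom exists).
my $BLIND_KEY;
{
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read($fh, $BLIND_KEY, 32);
    die "short read from /dev/urandom" unless defined $got && $got == 32;
    close $fh;
}

# Pattern named in the description: eq can return as soon as the lengths or
# a byte differ, so the time taken depends on how much of the stored value
# the caller got right.
sub leaky_check {
    my ($stored, $supplied) = @_;
    return $stored eq $supplied ? 1 : 0;
}

# Hypothetical replacement: HMAC both values under a random key so the
# compared strings have a fixed length and are unpredictable to the caller,
# then compare the digests without an early exit.
sub constant_time_check {
    my ($stored, $supplied) = @_;
    return 0 unless defined $stored && defined $supplied;
    utf8::encode($stored);      # work on bytes; both variables are copies
    utf8::encode($supplied);
    my $x = hmac_sha256($stored,   $BLIND_KEY);
    my $y = hmac_sha256($supplied, $BLIND_KEY);
    # XOR the two 32-byte digests and sum every byte of the result. The sum
    # is zero only if all 32 bytes matched, and no byte is skipped.
    return unpack('%32C*', $x ^ $y) == 0 ? 1 : 0;
}

# Constructed sample values, not taken from any real system.
my $stored = sha256_hex('correct horse battery staple');
for my $guess ($stored, substr($stored, 0, 63) . 'x', 'short') {
    printf "%-10.10s  eq=%d  constant_time=%d\n",
        $guess, leaky_check($stored, $guess), constant_time_check($stored, $guess);
}
```

Both functions return the same verdict for every input; only the relationship between running time and the position of the first mismatch differs.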
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5091
- Other: https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e.patch
- Other: https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_025/changes
- Other: http://www.openwall.com/lists/oss-security/2026/05/21/19
Related CVEs
Same CWE
- CVE-2026-48011 — Shopware is an open commerce platform (3.7 LOW)
- CVE-2026-48859 — Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enum...
- CVE-2026-5419 — A flaw was found in gnutls (3.7 LOW)
- CVE-2026-45410 — TREK is a collaborative travel planner (5.3 MEDIUM)
- CVE-2026-44061 — Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authen... (5.9 MEDIUM)