CVE-2026-8700
7.3 HIGHCrypt::DSA versions before 1.20 for Perl generate seeds using rand
Published: 2026-05-15 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-331
Description
Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46473 — Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand (7.5 HIGH)
- CVE-2026-46474 — Trog::TOTP versions before 1.006 for Perl generate secrets using rand (7.5 HIGH)
- CVE-2026-42155 — Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-com...
- CVE-2025-14972 — * Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat
- CVE-2026-7210 — `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML d... (9.8 CRITICAL)