CVE-2026-11702
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
The Bytes::Random::Secure::Tiny library for Perl (versions up to 1.011) shares internal PRNG state across forked processes. If an object is initialized before forking, all child processes produce identical random streams.
Risk Assessment
Secrets such as tokens or cryptographic keys generated in multiprocess applications become predictable, allowing an attacker to reproduce secrets and compromise system security.
Recommendation
Update Bytes::Random::Secure::Tiny to a version newer than 1.011 or initialize the PRNG object after forking to ensure independent state per process.
Original NVD description (English source)
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.

