CVE Catalog

CVE-2026-11702

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

The Bytes::Random::Secure::Tiny library for Perl (versions up to 1.011) shares internal PRNG state across forked processes. If an object is initialized before forking, all child processes produce identical random streams.

Risk Assessment

Secrets such as tokens or cryptographic keys generated in multiprocess applications become predictable, allowing an attacker to reproduce secrets and compromise system security.

Recommendation

Update Bytes::Random::Secure::Tiny to a version newer than 1.011 or initialize the PRNG object after forking to ensure independent state per process.

Original NVD description (English source)

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS