CVE Catalog

CVE-2026-11832

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Risk Assessment

The predictable nonce may lead to replay attacks, compromising user session integrity and application security.

Recommendation

It is recommended to update Dancer2::Plugin::Auth::OAuth to version 0.22 or later to eliminate the predictable nonce issue.

Original NVD description (English source)

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS