CVE Catalog
CVE-2026-11832
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk0.19%
9th percentile — higher than 9% of all known CVEs
Summary
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
Risk Assessment
The predictable nonce may lead to replay attacks, compromising user session integrity and application security.
Recommendation
It is recommended to update Dancer2::Plugin::Auth::OAuth to version 0.22 or later to eliminate the predictable nonce issue.
Original NVD description (English source)
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

