CVE Catalog

CVE-2026-9638

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. They use the built-in rand function, which is predictable and unsuitable for cryptography.

Risk Assessment

The use of predictable salts can lead to easier password cracking, posing a serious threat to user data security.

Recommendation

It is recommended to upgrade to version 0.261630 or later to ensure secure salt generation.

Original NVD description (English source)

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS