CVE Catalog
CVE-2026-9638
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.03%
9th percentile - higher than 9% of all known CVEs
Summary
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. They use the built-in rand function, which is predictable and unsuitable for cryptography.
Risk Assessment
The use of predictable salts can lead to easier password cracking, posing a serious threat to user data security.
Recommendation
It is recommended to upgrade to version 0.261630 or later to ensure secure salt generation.
Original NVD description (English source)
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

