216.73.216.133

CVE-2026-6146

· Published 11/05/2026 20:25 · Modified 12/05/2026 16:48

Labels: CVE-2026-6146 2026-05-119b29abf9-4ab0-4765-b253-1875cd9b441eCVE-2026-6146CWE-338

Essential information

Published
11/05/2026 20:25
Modified
12/05/2026 16:48
Author
Creator
CISA KEV
No
CWE

Description

Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD
View on NVD

Affected products (CPE)

ProductCPE
amazon / credentials cpe:2.3:a:amazon:credentials:*:*:*:*:*:*:*:*

References