216.73.216.133

CVE-2026-8647

· Published 26/05/2026 23:16 · Modified 27/05/2026 19:38

Labels: CVE-2026-8647 2026-05-269b29abf9-4ab0-4765-b253-1875cd9b441eCVE-2026-8647CWE-338

Essential information

Published
26/05/2026 23:16
Modified
27/05/2026 19:38
Author
Creator
CISA KEV
No
CWE

Description

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD
View on NVD

Affected products (CPE)

ProductCPE
perl / crypt cpe:2.3:a:perl:crypt::scryptkdf:0.010:*:*:*:*:*:*:*

References