CVE-2026-8647
Essential information
- Published
- 26/05/2026 23:16
- Modified
- 27/05/2026 19:38
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available.
The random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available.
NVD status
- Status
- Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| perl / crypt | cpe:2.3:a:perl:crypt::scryptkdf:0.010:*:*:*:*:*:*:* |