CVE-2026-5086

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

Description

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

INFO

Published Date :

2026-04-13T22:54:53.724Z

Last Modified :

2026-04-15T20:03:28.442Z

Source :

CPANSec

AFFECTED PRODUCTS

The following products are affected by CVE-2026-5086 vulnerability.

Vendors	Products
Nerdvana	Crypt::secretbuffer Crypt\

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5086.

URL	Resource
http://www.openwall.com/lists/oss-security/2026/04/13/12
https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact