Man-in-the-Middle Vulnerability in Dancer Plugin for Google Authentication by Dancer
CVE-2026-13410

Currently unrated

Key Information:

Vendor

Garu

Vendor
CVE Published:
17 July 2026

What is CVE-2026-13410?

The Dancer::Plugin::Auth::Google for Perl versions prior to 0.07 has a significant vulnerability where TLS verification is disabled. This flaw allows an attacker with man-in-the-middle capabilities to intercept communications between the Dancer application and googleapis.com. As a result, the attacker could manipulate the OAuth2 token exchange process, returning forged access tokens and user profiles. This could facilitate unauthorized access, enabling the attacker to impersonate any Google user within the Dancer application.

Affected Version(s)

Dancer::Plugin::Auth::Google 0 <= 0.07

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.