Insecure Random Value Generation in Crypt::SaltedHash for Perl
CVE-2026-47372

Currently unrated

Key Information:

Vendor: Rrwo

CVE Published: 20 May 2026

What is CVE-2026-47372?

Crypt::SaltedHash versions up to 0.09 for Perl use the built-in rand function to generate random salts. rand is not a cryptographically secure source of randomness, so the salts are predictable, which poses significant security risks in cryptographic applications. This deficiency makes these versions unsuitable for secure hashing and could expose sensitive data to unauthorized access. Users are strongly advised to upgrade to version 0.10 or later, where this issue has been addressed with more secure random value generation.
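
The following added illustration (not the module's source and not the code of the 0.10 fix) shows why a salt drawn from rand is a deterministic function of the generator's seed, next to a salt drawn from the operating system's CSPRNG. The helper names `weak_hex_salt` and `strong_hex_salt`, the seed value, and the use of `/dev/urandom` on a Unix-like system are assumptions made for the example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper: hex salt built from Perl's built-in rand(), the
# pattern the advisory describes. Not the module's actual source.
sub weak_hex_salt {
    my ($len) = @_;
    my @hex = ( '0' .. '9', 'a' .. 'f' );
    return join '', map { $hex[ int rand @hex ] } 1 .. $len;
}

# Hypothetical replacement: salt bytes read from the kernel CSPRNG.
# Assumes a Unix-like system that exposes /dev/urandom.
sub strong_hex_salt {
    my ($len) = @_;
    my $nbytes = int( ( $len + 1 ) / 2 );
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while ( length($buf) < $nbytes ) {
        my $got = read $fh, $buf, $nbytes - length($buf), length($buf);
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close $fh;
    return substr( unpack( 'H*', $buf ), 0, $len );
}

# rand() output depends only on the seed: reseeding with the same value
# reproduces the same sequence of salts.
srand(1234);    # constructed seed, for demonstration only
my @first = map { weak_hex_salt(8) } 1 .. 3;
srand(1234);
my @second = map { weak_hex_salt(8) } 1 .. 3;
print "rand() salts, run 1:  @first\n";
print "rand() salts, run 2:  @second\n";
print "identical after reseed: ", ( "@first" eq "@second" ? "yes" : "no" ), "\n";

# Salts from the CSPRNG are unaffected by srand().
srand(1234);
my @a = map { strong_hex_salt(8) } 1 .. 3;
srand(1234);
my @b = map { strong_hex_salt(8) } 1 .. 3;
print "urandom salts, run 1: @a\n";
print "urandom salts, run 2: @b\n";
print "identical after reseed: ", ( "@a" eq "@b" ? "yes" : "no" ), "\n";
```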

Affected Version(s)

Crypt::SaltedHash 0 <= 0.09

Timeline

  • Vulnerability published

  • Vulnerability Reserved
