Timing Attack Vulnerability in Crypt::SecretBuffer for Perl
CVE-2026-5086

Currently unrated

Key Information:

Vendor: Nerdvana
Status: Crypt::secretbuffer
Vendor: CVE Published:; 13 April 2026

What is CVE-2026-5086?

Crypt::SecretBuffer prior to version 0.019 for Perl is vulnerable to timing attacks. If improperly implemented for tasks such as storing and comparing plaintext passwords, subtle discrepancies in execution time can potentially enable an attacker to derive the secret password. This vulnerability necessitates immediate attention to improve password handling and ensure robust security measures.

Affected Version(s)

Crypt::SecretBuffer 0 < 0.019

References

https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-...

release-notes

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Mar 28, 2026

CVE-2026-5086 Data

JSON

Nerdvana

What is CVE-2026-5086?

Affected Version(s)

References

Timeline