Predictable Session ID Risk in CGI::Session::ID::md5 for Perl
CVE-2026-56016
Currently unrated
What is CVE-2026-56016?
The CGI::Session::ID::md5 module for Perl generates session IDs from low-entropy sources: the process ID, the epoch time, and the built-in rand() function. These values can be predicted or easily guessed, allowing an attacker to impersonate an existing session. This poses a significant risk, as it can enable unauthorized access and authentication bypass in applications that use this module. Developers should give it immediate attention and update to safer versions.
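An added example, not code from the module or from its fix: a sketch of the weak pattern described above beside a generator that draws from the kernel CSPRNG. The function names are hypothetical, and a Unix-like host that provides /dev/urandom is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Sketch of the pattern the advisory describes (not the module's source):
# process ID, epoch time and rand() hashed together. MD5 only reformats
# these inputs; the ID carries no more entropy than they do.
sub weak_session_id {
    return md5_hex(join '', $$, time(), rand());
}

# Hardened form: 128 bits read from the kernel CSPRNG, hex-encoded to the
# same 32-character shape as an MD5 hex digest.
# Assumption: a Unix-like host that provides /dev/urandom.
sub strong_session_id {
    my $want = 16;    # bytes
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $want) {
        # Append at the current end of $buf until all bytes have arrived.
        my $n = read($fh, $buf, $want - length($buf), length($buf));
        die "read from /dev/urandom failed\n" unless $n;
    }
    close($fh);
    return unpack('H*', $buf);
}

# Self-check: both IDs have the same format, so format says nothing about
# strength; only the source of the bytes does.
my $weak   = weak_session_id();
my $strong = strong_session_id();
for my $id ($weak, $strong) {
    die "unexpected ID format: $id\n" unless $id =~ /\A[0-9a-f]{32}\z/;
}
die "CSPRNG returned a repeated ID\n" if $strong eq strong_session_id();
print "weak   (guessable inputs): $weak\n";
print "strong (CSPRNG bytes):     $strong\n";
```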
Affected Version(s)
CGI::Session::ID::md5: from 0 to before 4.49
