Weakness in Net::BitTorrent without Cryptographic Security by Perl
CVE-2026-57082

5.9MEDIUM

Key Information:

Vendor: Sanko
Status: Net::bittorrent
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-57082?

The Net::BitTorrent library in Perl has a critical cryptographic weakness where it generates the MSE Diffie-Hellman private key using a non-cryptographic pseudo-random number generator (PRNG). This results in the private key being predictable, as it derives from Perl's rand() function, leading to significant security risks. During the MSE handshake, the library sends random padding in cleartext, which allows an observer to recover the PRNG state and reconstruct the private key. Consequently, attackers can easily decrypt the connection and access sensitive data.

Affected Version(s)

Net::BitTorrent 0 <= 2.0.1

References

https://github.com/sanko/Net-BitTorrent.pm/security/advis...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 23, 2026

CVE-2026-57082 Data

JSON

Sanko

What is CVE-2026-57082?

Affected Version(s)

References

CVSS V3.1

Timeline