Predictable Key Generation in Amazon Credentials for Perl
CVE-2026-6146

Currently unrated

Key Information:

Vendor: Bigfoot

CVE Published: 11 May 2026

What is CVE-2026-6146?

Amazon::Credentials for Perl prior to version 1.3.0 generates its encryption key with Perl's built-in rand function, which is predictable and not suitable for cryptographic use. A 64-bit key derived from this non-random source may be easily reproduced, which undermines the protection of the stored credentials. As a result, the obfuscation intended to protect sensitive information can be rendered ineffective, exposing credentials to potential extraction from data dumps.
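
The weakness described above, shown as an added Perl illustration that is not Amazon::Credentials' own code: a 64-bit key built from rand() is fully determined by the generator's seed, while a key read from the operating system's CSPRNG is not. The function names, the sample seed, the 32-byte key length and the use of /dev/urandom (a Unix-like system is assumed) are assumptions made for this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Weak pattern (illustrative, not the module's code): a 64-bit key built
# from Perl's built-in rand(). perldoc -f rand states that rand is not
# cryptographically secure; its output is fully determined by the seed.
sub weak_key_from_rand {
    my ($seed) = @_;
    srand($seed);    # seeded explicitly here to make the determinism visible
    return join '', map { sprintf '%02x', int(rand(256)) } 1 .. 8;
}

# Hardened pattern: take the key bytes from the operating system's CSPRNG.
# Defaults to 32 bytes (256 bits); the length is this example's choice.
sub strong_key_from_urandom {
    my ($len) = @_;
    $len //= 32;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, $len);
    close $fh;
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $len;
    return unpack 'H*', $bytes;
}

my $seed   = 12345;    # constructed sample seed
my $first  = weak_key_from_rand($seed);
my $second = weak_key_from_rand($seed);
print "rand() key, first run : $first\n";
print "rand() key, second run: $second\n";
print "same key from same seed: ", ($first eq $second ? 'yes' : 'no'), "\n";

my $a_key = strong_key_from_urandom();
my $b_key = strong_key_from_urandom();
print "urandom key A: $a_key\n";
print "urandom key B: $b_key\n";
print "urandom keys differ: ", ($a_key ne $b_key ? 'yes' : 'no'), "\n";
```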

Affected Version(s)

Amazon::Credentials 0 <= 1.2.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved