Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts
CVE-2026-9638
7.5 HIGH
What is CVE-2026-9638?
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
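The weak salt pattern next to a corrected one, as an added example that is not code from the advisory or from Crypt::PBKDF2 itself. The function names weak_salt and strong_salt are hypothetical, the seed value is constructed, and the corrected version assumes a Unix-like system that provides /dev/urandom.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Weak pattern (hypothetical helper): salt bytes drawn from Perl's built-in
# rand(), a non-cryptographic PRNG whose whole output follows from its seed.
sub weak_salt {
    my ($len) = @_;
    return join '', map { chr(int(rand(256))) } 1 .. $len;
}

# Corrected pattern (hypothetical helper): salt bytes read from the operating
# system CSPRNG. Assumes /dev/urandom exists on this system.
sub strong_salt {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $salt = '';
    while (length($salt) < $len) {
        my $got = read($fh, my $buf, $len - length($salt));
        die "read from /dev/urandom failed" unless $got;
        $salt .= $buf;
    }
    close($fh);
    return $salt;
}

# Constructed demonstration: reseeding with the same value reproduces the
# rand()-based salt exactly, so the salt carries no more entropy than the seed.
srand(12345);
my $first = weak_salt(16);
srand(12345);
my $second = weak_salt(16);
printf "rand() salt, run 1:      %s\n", unpack('H*', $first);
printf "rand() salt, run 2:      %s\n", unpack('H*', $second);
printf "identical after reseed:  %s\n", $first eq $second ? 'yes' : 'no';

# Two reads from the OS CSPRNG are independent of any seed set in the process.
my ($s1, $s2) = (strong_salt(16), strong_salt(16));
printf "/dev/urandom salt 1:     %s\n", unpack('H*', $s1);
printf "/dev/urandom salt 2:     %s\n", unpack('H*', $s2);
printf "identical:               %s\n", $s1 eq $s2 ? 'yes' : 'no';
```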
Affected Version(s)
Crypt::PBKDF2 0 < 0.261630
