CVE-2026-11625

high

Description

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.

References

https://www.cve.org/CVERecord?id=CVE-2026-41564

https://security.metacpan.org/patches/B/Bytes-Random-Secure/0.29/CVE-2026-11625-r1.patch

https://github.com/daoswald/Bytes-Random-Secure/pull/4

https://github.com/daoswald/Bytes-Random-Secure/issues/3

Details

Source: Mitre, NVD

Published: 2026-06-26

Updated: 2026-06-26

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.0016