CVE-2026-11702

high

Description

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.

References

https://www.cve.org/CVERecord?id=CVE-2026-41564

https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch

https://github.com/daoswald/Bytes-Random-Secure-Tiny/pull/7

https://github.com/daoswald/Bytes-Random-Secure-Tiny/issues/6

Details

Source: Mitre, NVD

Published: 2026-06-26

Updated: 2026-06-26

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00157