Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
CVE-2026-11347 (GCVE-0-2026-11347)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:18 – Updated: 2026-06-05 20:22
VLAI
EPSS
VEX
Title
Hardcoded Cryptographic Keys and Weak IV Generation in linqi
Summary
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://linqi.help/en/reference/security/security… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| linqi GmbH | linqi |
Affected:
0 , ≤ 1.4.8.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:22:15.334464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:22:25.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "linqi",
"vendor": "linqi GmbH",
"versions": [
{
"lessThanOrEqual": "1.4.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ianis BERNARD from NATO Cyber Security Centre (NCSC)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.\u003c/p\u003e"
}
],
"value": "The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T11:51:48.757Z",
"orgId": "86c47df7-7d28-48da-920a-6423c52fd3da",
"shortName": "linqi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://linqi.help/en/reference/security/security-advisories/#security-advisory-hardcoded-cryptographic-keys-and-weak-iv-generation-in-linqi"
}
],
"title": "Hardcoded Cryptographic Keys and Weak IV Generation in linqi"
}
},
"cveMetadata": {
"assignerOrgId": "86c47df7-7d28-48da-920a-6423c52fd3da",
"assignerShortName": "linqi",
"cveId": "CVE-2026-11347",
"datePublished": "2026-06-05T10:18:35.703Z",
"dateReserved": "2026-06-05T08:52:47.208Z",
"dateUpdated": "2026-06-05T20:22:25.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11832 (GCVE-0-2026-11832)
Vulnerability from cvelistv5 – Published: 2026-06-15 21:19 – Updated: 2026-06-16 16:05
VLAI
EPSS
VEX
Title
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce
Summary
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BIAFRA | Dancer2::Plugin::Auth::OAuth |
Affected:
0 , < 0.22
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-11832",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T16:04:26.121317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T16:05:26.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Dancer2-Plugin-Auth-OAuth",
"product": "Dancer2::Plugin::Auth::OAuth",
"programFiles": [
"lib/Dancer2/Plugin/Auth/OAuth/Provider.pm"
],
"programRoutines": [
{
"name": "Dancer2::Plugin::Auth::OAuth::Provider::_default_args_v1"
}
],
"repo": "https://github.com/biafra/perl-Dancer2-Plugin-Auth-OAuth",
"vendor": "BIAFRA",
"versions": [
{
"lessThan": "0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.\n\nThe default nonce was generated using an MD5 hash of the epoch time, which is predictable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T21:19:07.321Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BIAFRA/Dancer2-Plugin-Auth-OAuth-0.22/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22376"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc5849#section-3.3"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc5849#section-4.9"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.22 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-11832",
"datePublished": "2026-06-15T21:19:07.321Z",
"dateReserved": "2026-06-09T21:09:06.279Z",
"dateUpdated": "2026-06-16T16:05:26.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14495 (GCVE-0-2026-14495)
Vulnerability from cvelistv5 – Published: 2026-07-08 05:34 – Updated: 2026-07-08 12:44
VLAI
EPSS
VEX
Title
DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token
Summary
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because `dologin\s::rrand()` seeds the Mersenne Twister with `mt_srand((double) microtime() * 1000000)` — discarding the integer-seconds component of `microtime()` and constraining the seed to a range of approximately 10^6 values (~20 bits of entropy) — after which every character of the 32-character magic-link token is drawn sequentially with `mt_rand()`, making the entire token a deterministic function of that seed. Because `Pswdless::try_login()` is registered on the unauthenticated `init` hook, resolves the target account by the auto-increment numeric ID embedded in the `?dologin=<id>.<hash>` parameter, performs the hash comparison using a non-constant-time `!=` operator, and then calls `wp_set_auth_cookie()` directly — never passing through `wp_authenticate()` and therefore never triggering the plugin's own `Auth::_has_login_err()` lockout — an unauthenticated attacker can brute-force the ~10^6-candidate seed space to reconstruct an active passwordless login token and authenticate as any targeted user, including administrators, without a password. Exploitation requires that a valid, unexpired passwordless login link (active for up to 7 days) exists for the target account at the time of the attack, and that the numeric link ID is known or guessable from the auto-increment primary key.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wpdo5ea | DoLogin Security |
Affected:
0 , ≤ 4.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:43:37.967188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:44:30.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DoLogin Security",
"vendor": "wpdo5ea",
"versions": [
{
"lessThanOrEqual": "4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "samuel pages chartier"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because `dologin\\s::rrand()` seeds the Mersenne Twister with `mt_srand((double) microtime() * 1000000)` \u2014 discarding the integer-seconds component of `microtime()` and constraining the seed to a range of approximately 10^6 values (~20 bits of entropy) \u2014 after which every character of the 32-character magic-link token is drawn sequentially with `mt_rand()`, making the entire token a deterministic function of that seed. Because `Pswdless::try_login()` is registered on the unauthenticated `init` hook, resolves the target account by the auto-increment numeric ID embedded in the `?dologin=\u003cid\u003e.\u003chash\u003e` parameter, performs the hash comparison using a non-constant-time `!=` operator, and then calls `wp_set_auth_cookie()` directly \u2014 never passing through `wp_authenticate()` and therefore never triggering the plugin\u0027s own `Auth::_has_login_err()` lockout \u2014 an unauthenticated attacker can brute-force the ~10^6-candidate seed space to reconstruct an active passwordless login token and authenticate as any targeted user, including administrators, without a password. Exploitation requires that a valid, unexpired passwordless login link (active for up to 7 days) exists for the target account at the time of the attack, and that the numeric link ID is known or guessable from the auto-increment primary key."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T05:34:07.285Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16bce371-b524-48eb-8537-3f9df802abd3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L86"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/s.cls.php#L240"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L197"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L27"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-07T16:39:40.000Z",
"value": "Disclosed"
}
],
"title": "DoLogin Security \u003c= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via \u0027dologin\u0027 Parameter Weak PRNG Token"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-14495",
"datePublished": "2026-07-08T05:34:07.285Z",
"dateReserved": "2026-07-02T17:42:28.811Z",
"dateUpdated": "2026-07-08T12:44:30.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2439 (GCVE-0-2026-2439)
Vulnerability from cvelistv5 – Published: 2026-02-16 21:25 – Updated: 2026-02-17 14:45
VLAI
EPSS
VEX
Title
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids
Summary
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,
* There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.
* The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.
* UUIDs are identifiers whose mere possession grants access, as per RFC 9562.
* The output of the built-in rand() function is predictable and unsuitable for security applications.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BVA | Concierge::Sessions |
Affected:
0.8.1 , < 0.8.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:44:27.594037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:45:00.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Concierge-Sessions",
"product": "Concierge::Sessions",
"programFiles": [
"lib/Concierge/Sessions/Base.pm"
],
"repo": "https://github.com/bwva/Concierge-Sessions",
"vendor": "BVA",
"versions": [
{
"lessThan": "0.8.5",
"status": "affected",
"version": "0.8.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Robert Rothenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl\u0027s built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,\n\n * There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.\n * The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.\n * UUIDs are identifiers whose mere possession grants access, as per RFC 9562.\n * The output of the built-in rand() function is predictable and unsuitable for security applications."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T21:25:21.091Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"related"
],
"url": "https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm"
},
{
"tags": [
"related"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"tags": [
"related"
],
"url": "https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"
},
{
"tags": [
"related"
],
"url": "https://perldoc.perl.org/5.42.0/functions/rand"
},
{
"tags": [
"patch"
],
"url": "https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Concierge::Sessions v0.8.5 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-2439",
"datePublished": "2026-02-16T21:25:21.091Z",
"dateReserved": "2026-02-12T23:47:52.767Z",
"dateUpdated": "2026-02-17T14:45:00.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25726 (GCVE-0-2026-25726)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:06 – Updated: 2026-04-04 03:21
VLAI
EPSS
VEX
Title
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Summary
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generated upon first startup and persisted in the database. An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cloudreve/cloudreve/security/a… | x_refsource_CONFIRM |
| https://github.com/cloudreve/cloudreve/releases/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-04T03:21:10.510009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T03:21:18.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cloudreve",
"vendor": "cloudreve",
"versions": [
{
"status": "affected",
"version": "\u003c 4.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generated upon first startup and persisted in the database. An attacker can exploit this by obtaining the administrator\u0027s account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take \u003c3 hours on general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:06:21.629Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4"
},
{
"name": "https://github.com/cloudreve/cloudreve/releases/tag/4.13.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cloudreve/cloudreve/releases/tag/4.13.0"
}
],
"source": {
"advisory": "GHSA-f8xp-wvcx-p6f4",
"discovery": "UNKNOWN"
},
"title": "Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25726",
"datePublished": "2026-04-03T20:06:21.629Z",
"dateReserved": "2026-02-05T16:48:00.426Z",
"dateUpdated": "2026-04-04T03:21:18.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3255 (GCVE-0-2026-3255)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:12 – Updated: 2026-03-03 20:23
VLAI
EPSS
VEX
Title
HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function
Summary
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.
The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.
HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TOKUHIROM | HTTP::Session2 |
Affected:
0 , < 1.12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-28T00:15:39.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/27/12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T20:23:27.914632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:23:53.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "HTTP-Session2",
"product": "HTTP::Session2",
"repo": "https://github.com/tokuhirom/HTTP-Session2",
"vendor": "TOKUHIROM",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function.\n\nThe HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage.\n\nHTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:12:35.414Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.11/source/lib/HTTP/Session2/Random.pm#L35"
},
{
"url": "https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.01/source/lib/HTTP/Session2/ServerStore.pm#L68"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.12/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tokuhirom/HTTP-Session2/commit/9cfde4d7e0965172aef5dcfa3b03bb48df93e636.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "HTTP::Session2 has been deprecated since version 1.11. Migrate to a different solution."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2014-07-31T00:00:00.000Z",
"value": "version 1.02 HTTP::Session2 released that attempts to use /dev/urandom."
},
{
"lang": "en",
"time": "2026-02-24T00:00:00.000Z",
"value": "version 1.11 HTTP::Session2 deprecated"
},
{
"lang": "en",
"time": "2026-02-26T00:00:00.000Z",
"value": "version 1.12 HTTP::Session2 released with a fix with a portable solution."
}
],
"title": "HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to version 1.12 or later."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-3255",
"datePublished": "2026-02-27T20:12:35.414Z",
"dateReserved": "2026-02-26T11:43:17.278Z",
"dateUpdated": "2026-03-03T20:23:53.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3256 (GCVE-0-2026-3256)
Vulnerability from cvelistv5 – Published: 2026-03-28 18:52 – Updated: 2026-06-29 06:50
VLAI
EPSS
VEX
Title
HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids
Summary
HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids.
HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
The distribution includes HTTP::session::ID::MD5 which contains a similar flaw, but uses the MD5 hash instead.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| KTAT | HTTP::Session |
Affected:
0 , < 0.54
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-28T20:06:47.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/28/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:14:27.526725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:14:51.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "http-session",
"product": "HTTP::Session",
"programRoutines": [
{
"name": "HTTP::Session::ID::SHA1::generate_id"
},
{
"name": "HTTP::Session::ID::MD5::generate_id"
}
],
"repo": "https://github.com/tokuhirom/http-session",
"vendor": "KTAT",
"versions": [
{
"lessThan": "0.54",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids.\n\nHTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nThe distribution includes HTTP::session::ID::MD5 which contains a similar flaw, but uses the MD5 hash instead."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T06:50:16.274Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/SHA1.pm"
},
{
"url": "https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/MD5.pm"
},
{
"tags": [
"technical-description"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TOKUHIROM/http-session-0.54/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.54 or later.\n\nNote that HTTP::Session as of version 0.54 is deprecated. Users should migrate their applications to alternative solutions."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-03-28T00:00:00.000Z",
"value": "CVE-2026-3256 published"
},
{
"lang": "en",
"time": "2026-06-27T00:00:00.000Z",
"value": "HTTP::Session version 0.54 released"
}
],
"title": "HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-3256",
"datePublished": "2026-03-28T18:52:39.917Z",
"dateReserved": "2026-02-26T11:59:23.755Z",
"dateUpdated": "2026-06-29T06:50:16.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40514 (GCVE-0-2026-40514)
Vulnerability from cvelistv5 – Published: 2026-04-27 14:21 – Updated: 2026-04-27 20:11
VLAI
EPSS
VEX
Title
SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG
Summary
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | release-notespatch |
| https://www.vulncheck.com/advisories/smartertools… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools Inc. | SmarterMail |
Affected:
0 , < 100.0.9610
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T19:06:29.125530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T20:11:46.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmarterMail",
"vendor": "SmarterTools Inc.",
"versions": [
{
"lessThan": "100.0.9610",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maximilian Wiegand of CODE WHITE GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.\u003cbr\u003e"
}
],
"value": "SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T14:21:40.564Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartermail-build-9610-cryptographic-weakness-via-weak-rng"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SmarterTools SmarterMail \u003c Build 9610 Cryptographic Weakness via Weak RNG",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-40514",
"datePublished": "2026-04-27T14:21:40.564Z",
"dateReserved": "2026-04-13T20:29:02.809Z",
"dateUpdated": "2026-04-27T20:11:46.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41505 (GCVE-0-2026-41505)
Vulnerability from cvelistv5 – Published: 2026-05-07 13:35 – Updated: 2026-05-07 14:44
VLAI
EPSS
VEX
Title
RELATE: Predictable Token Generation in auth.py and exam.py
Summary
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/inducer/relate/security/adviso… | x_refsource_CONFIRM |
| https://github.com/inducer/relate/commit/2f68e16c… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T14:44:39.863373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:44:48.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "relate",
"vendor": "inducer",
"versions": [
{
"status": "affected",
"version": "\u003c 2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py\u0027s make_sign_in_key() function and exam.py\u0027s gen_ticket_code() function. This issue has been patched via commit 2f68e16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:35:02.351Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/inducer/relate/security/advisories/GHSA-rvx5-95mm-p77v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/inducer/relate/security/advisories/GHSA-rvx5-95mm-p77v"
},
{
"name": "https://github.com/inducer/relate/commit/2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/inducer/relate/commit/2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb"
}
],
"source": {
"advisory": "GHSA-rvx5-95mm-p77v",
"discovery": "UNKNOWN"
},
"title": "RELATE: Predictable Token Generation in auth.py and exam.py"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41505",
"datePublished": "2026-05-07T13:35:02.351Z",
"dateReserved": "2026-04-20T18:18:50.681Z",
"dateUpdated": "2026-05-07T14:44:48.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41564 (GCVE-0-2026-41564)
Vulnerability from cvelistv5 – Published: 2026-04-23 07:29 – Updated: 2026-04-23 13:05
VLAI
EPSS
VEX
Title
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking
Summary
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery.
This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-23T09:33:41.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/23/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-41564",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:05:18.115917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:05:22.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "CryptX",
"product": "CryptX",
"programFiles": [
"inc/CryptX_PK_RSA.xs.inc",
"inc/CryptX_PK_DSA.xs.inc",
"inc/CryptX_PK_DH.xs.inc",
"inc/CryptX_PK_ECC.xs.inc",
"inc/CryptX_PK_Ed25519.xs.inc",
"inc/CryptX_PK_X25519.xs.inc"
],
"repo": "https://github.com/DCIT/perl-CryptX",
"vendor": "MIK",
"versions": [
{
"lessThan": "0.088",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.\n\nThe Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery.\n\nThis affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-335",
"description": "CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T07:29:26.340Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DCIT/perl-CryptX/commit/9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/MIK/CryptX-0.088"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to CryptX 0.088 or later, or apply the upstream patch.\n\nApplying the fix does not retroactively protect keys that may already have been exposed. On an affected version, any private key used with or generated by a Crypt::PK::* object created before `fork()` should be assessed for rotation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-18T00:00:00.000Z",
"value": "Issue discovered."
},
{
"lang": "en",
"time": "2026-04-21T00:00:00.000Z",
"value": "Reported to upstream maintainer."
},
{
"lang": "en",
"time": "2026-04-23T00:00:00.000Z",
"value": "CryptX 0.088 released with fix."
}
],
"title": "CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-41564",
"datePublished": "2026-04-23T07:29:26.340Z",
"dateReserved": "2026-04-21T12:45:20.132Z",
"dateUpdated": "2026-04-23T13:05:22.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Implementation
Description:
- Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.