← back
CVE-2026-8700

Crypt::DSA versions before 1.20 for Perl generate seeds using rand

CVSS 7.3 HIGHEPSS 0.4%CWE-331
Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
TIMLEGGE · Crypt::DSA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changeshttps://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pmhttp://www.openwall.com/lists/oss-security/2026/05/15/26