CVE-2026-5086

Summary

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.

For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

Affected Software

VendorProductVersion RangeStatus
NERDVANACrypt::SecretBuffer0 < 0.019affected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References