CVE-2026-5091

Summary

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.

These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

Affected Software

VendorProductVersion RangeStatus
JJNAPIORKCatalyst::Plugin::Authentication0 <= 0.10024affected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References