CVE Alert

CVE-2026-11832

CRITICAL 9.1

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce

CVSS Score: 9.1
EPSS Score: 0.0%
EPSS Percentile: 0th

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

CWE: CWE-338
Vendor: biafra
Product: dancer2::plugin::auth::oauth
Published: Jun 15, 2026
Last Updated: Jun 16, 2026

Affected Versions

BIAFRA / Dancer2::Plugin::Auth::OAuth
0 < 0.22

References

metacpan.org: https://metacpan.org/release/BIAFRA/Dancer2-Plugin-Auth-OAuth-0.22/changes
cve.org: https://www.cve.org/CVERecord?id=CVE-2025-22376
datatracker.ietf.org: https://datatracker.ietf.org/doc/html/rfc5849#section-3.3
datatracker.ietf.org: https://datatracker.ietf.org/doc/html/rfc5849#section-4.9