CVE-2026-12205
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery
| CVSS Score | 9.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.
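A defender can look for the identical "r" described above in an archive of signatures. The following is an added example, not code from Crypt::DSA or from this advisory; it assumes signatures are stored in the standard DER Dss-Sig-Value encoding, and the key ids and sample blobs are constructed for illustration.

```python
from collections import defaultdict

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_dss_sig(der):
    """Decode Dss-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } to (r, s)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    t1, r, pos = _read_tlv(body, 0)
    t2, s, pos = _read_tlv(body, pos)
    if (t1, t2) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(r, "big"), int.from_bytes(s, "big")

def keys_with_reused_r(records):
    """Map key_id -> sorted r values that occur with two or more distinct s."""
    seen = defaultdict(lambda: defaultdict(set))  # key_id -> r -> {s, ...}
    for key_id, der in records:
        r, s = parse_dss_sig(der)
        seen[key_id][r].add(s)
    return {k: hits for k, rs in seen.items()
            if (hits := sorted(r for r, ss in rs.items() if len(ss) > 1))}

# Constructed sample data: made-up key ids and DER blobs, not real signatures.
SAMPLE = [(k, bytes.fromhex(h)) for k, h in [
    ("signer-a", "300a02041234abcd02021111"),
    ("signer-a", "300a02041234abcd02022222"),  # same r, different s: flagged
    ("signer-b", "300a02040badf00d02023333"),
    ("signer-b", "300a02040badf00d02023333"),  # exact duplicate: not flagged
    ("signer-b", "300a02045eedface02024444"),
]]

if __name__ == "__main__":
    for key_id, rs in keys_with_reused_r(SAMPLE).items():
        print(f"{key_id}: reused r = {[hex(r) for r in rs]}")
```

A flagged key confirms the reuse for that key. An empty result does not clear a key, since the archive may not hold every signature it produced.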
| CWE | CWE-323 |
| Vendor | timlegge |
| Product | crypt::dsa |
| Published | Jun 15, 2026 |
| Last Updated | Jun 16, 2026 |
Affected Versions
TIMLEGGE / Crypt::DSA
0 < 1.21
Credits
Richard Kettlewell