CVE-2026-13410
Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSL_verify_mode explicitly disabled. An attacker with network man-in-the-middle (MITM) capability between the Dancer application and googleapis.com can intercept the OAuth2 token exchange and userinfo fetch, return a forged access_token and user profile, and be logged in to the Dancer application as any Google user.
| CWE | CWE-295 |
| Vendor | garu |
| Product | dancer::plugin::auth::google |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for garu dancer::plugin::auth::google
Be the first to know when new unknown vulnerabilities affecting garu dancer::plugin::auth::google are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
GARU / Dancer::Plugin::Auth::Google
0 โค 0.07