CVE-2026-5086

HIGH 7.5

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

5th

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

CWE	CWE-208
Vendor	nerdvana
Product	crypt::secretbuffer
Published	Apr 13, 2026
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for nerdvana crypt::secretbuffer

Be the first to know when new high vulnerabilities affecting nerdvana crypt::secretbuffer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NERDVANA / Crypt::SecretBuffer

0 < 0.019

References

NVD ↗ CVE.org ↗ EPSS Data ↗

metacpan.org: https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes openwall.com: http://www.openwall.com/lists/oss-security/2026/04/13/12