CVE-2026-5091 | THREATINT

Description

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

PUBLISHED Reserved 2026-03-28 | Published 2026-05-21 | Updated 2026-05-22 | Assigner CPANSec

Problem types

CWE-208 Observable Timing Discrepancy

Product status

Default status

unaffected

Any version

affected

References

www.openwall.com/lists/oss-security/2026/05/21/19

metacpan.org/...alyst-Plugin-Authentication-0.10_025/changes release-notes

github.com/...b0515f492257438cf07082acf1e10d06e8088a5e.patch patch

cve.org (CVE-2026-5091)

nvd.nist.gov (CVE-2026-5091)

Download JSON