
Description

Crypt::DSA versions before 1.20 for Perl generate seeds using Perl's built-in rand function, which is predictable and unsuitable for security usage.

PUBLISHED Reserved 2026-05-15 | Published 2026-05-15 | Updated 2026-05-16 | Assigner CPANSec

Problem types

CWE-331 Insufficient Entropy

Product status

Default status: unaffected

Any version before 1.20: affected

Timeline

2026-05-15: CPANSec identified issue
2026-05-15: Author was notified
2026-05-15: Version 1.20 released

References

www.openwall.com/lists/oss-security/2026/05/15/26

metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes release-notes

metacpan.org/.../Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19

cve.org (CVE-2026-8700)

nvd.nist.gov (CVE-2026-8700)
