CVE-2026-8704 | THREATINT

Description

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.

PUBLISHED Reserved 2026-05-15 | Published 2026-05-15 | Updated 2026-05-16 | Assigner CPANSec

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Default status

unaffected

Any version

affected

Timeline

2026-05-15:	CPANSec identified issue
2026-05-15:	Author was notified
2026-05-15:	Version 1.20 released.

References

www.openwall.com/lists/oss-security/2026/05/15/27

metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes release-notes

metacpan.org/.../Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19

cve.org (CVE-2026-8704)

nvd.nist.gov (CVE-2026-8704)

Download JSON

help @ threatint.eu