CVE-2024-58041

CVE-2024-58041: Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions

Vendor Wonko
Product Smolder
Weakness CWE-338
Published February 23, 2026
Last update February 24, 2026

CVSS base score

What the vulnerability does

01Description

Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Key dates

02Disclosure timeline

February 23, 2026 CVE published
February 24, 2026 Record updated