CVE-2025-40905

CVE-2025-40905: WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions

Vendor Dbook
Product WWW::OAuth
Weakness CWE-338
Published February 12, 2026
Last update February 17, 2026

CVSS base score

What the vulnerability does

01Description

WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Key dates

02Disclosure timeline

February 12, 2026 CVE published
February 17, 2026 Record updated