CVE-2026-11832

CVE-2026-11832: Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce

Vendor Biafra
Product Dancer2::Plugin::Auth::OAuth
Weakness CWE-338
Published June 15, 2026
Last update June 15, 2026

CVSS base score

What the vulnerability does

01Description

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Key dates

02Disclosure timeline

June 15, 2026 CVE published