CVE-2026-46473

CVE-2026-46473: Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

Vendor Tchatzi
Product Authen::TOTP
Weakness CWE-331
Published May 21, 2026
Last update May 21, 2026

CVSS base score

What the vulnerability does

01Description

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

Key dates

02Disclosure timeline

May 21, 2026 CVE published
May 21, 2026 Record updated