CVE-2026-46474

CVE-2026-46474: Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Vendor Teodesian
Product Trog::TOTP
Weakness CWE-331
Published May 15, 2026
Last update May 18, 2026

CVSS base score

What the vulnerability does

01Description

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

Key dates

02Disclosure timeline

May 15, 2026 CVE published
May 18, 2026 Record updated