CVE-2026-47373

CVE-2026-47373: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks

Vendor Rrwo
Product Crypt::SaltedHash
Weakness CWE-208
Published May 20, 2026
Last update May 21, 2026

CVSS base score

What the vulnerability does

01Description

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.

Key dates

02Disclosure timeline

May 20, 2026 CVE published
May 21, 2026 Record updated