CVE-2026-5086

CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

Vendor Nerdvana
Product Crypt::SecretBuffer
Weakness CWE-208
Published April 13, 2026
Last update April 15, 2026

CVSS base score

What the vulnerability does

01Description

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

Key dates

02Disclosure timeline

April 13, 2026 CVE published
April 15, 2026 Record updated

Related vulnerabilities

04Related CVE