CVE-2026-5091

CVE-2026-5091: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks

Vendor Jjnapiork
Product Catalyst::Plugin::Authentication
Weakness CWE-208
Published May 21, 2026
Last update May 22, 2026

CVSS base score

What the vulnerability does

01Description

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

Key dates

02Disclosure timeline

May 21, 2026 CVE published
May 22, 2026 Record updated