CVE-2026-6146

CVE-2026-6146: Amazon::Credentials versions through 1.2.0 for Perl use rand to generate encryption keys

Vendor: Bigfoot
Product: Amazon::Credentials
Weakness: CWE-338
Published: May 11, 2026
Last update: May 13, 2026

What the vulnerability does

01 Description

Amazon::Credentials versions through 1.2.0 for Perl use rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form so that a data dump of the object does not expose the secrets. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.
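
The weakness class described above (CWE-338), as an added Perl example that is not code from Amazon::Credentials or from this record: an 8-byte (64-bit) key drawn from rand is fully determined by the PRNG seed, while a key read from the operating system CSPRNG is not. The function names, the seed value, the 32-byte length and the use of /dev/urandom (a Unix-like system) are assumptions of the example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Weak pattern: key bytes taken from Perl's built-in rand().
# rand() is a deterministic PRNG, so the seed alone fixes the whole key.
# (Hypothetical helper; the seed is passed in only to make that visible.)
sub weak_key_from_rand {
    my ($seed, $nbytes) = @_;
    srand($seed);
    return join '', map { chr(int(rand(256))) } 1 .. $nbytes;
}

# Hardened pattern: key bytes read from the OS CSPRNG.
# (Hypothetical helper; assumes /dev/urandom exists.)
sub key_from_os_csprng {
    my ($nbytes) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $nbytes);
    close($fh);
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $nbytes;
    return $buf;
}

my $seed = 12345;    # constructed value, for illustration only

# Same seed, same "key": nothing secret went into it beyond the seed.
my $weak1 = weak_key_from_rand($seed, 8);
my $weak2 = weak_key_from_rand($seed, 8);
printf "rand() key, first run : %s\n", unpack('H*', $weak1);
printf "rand() key, second run: %s\n", unpack('H*', $weak2);
printf "keys identical        : %s\n", $weak1 eq $weak2 ? 'yes' : 'no';

# Two CSPRNG keys share no seed that a caller could replay.
# 32 bytes is this example's choice of length, not a value from the record.
my $strong1 = key_from_os_csprng(32);
my $strong2 = key_from_os_csprng(32);
printf "CSPRNG key, first run : %s\n", unpack('H*', $strong1);
printf "CSPRNG key, second run: %s\n", unpack('H*', $strong2);
printf "keys identical        : %s\n", $strong1 eq $strong2 ? 'yes' : 'no';
```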

Key dates

02 Disclosure timeline

May 11, 2026: CVE published
May 13, 2026: Record updated