CVE-2026-5086

EUVD-2026-22136
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.

For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
nerdvanacrypt\
𝑥
< 0.019
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes
http://www.openwall.com/lists/oss-security/2026/04/13/12