CVE-2026-11702 | Bytes::Random::Secure::Tiny versions through 1.011 for Perl … | CVSS 7.5 HIGH

Description

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.

Metadata

CVE ID: CVE-2026-11702
State: PUBLISHED
Assigner: CPANSec
Reserved: 2026-06-08 22:09 UTC
Published: 2026-06-26 08:13 UTC
Last updated: 2026-06-26 16:24 UTC
Primary CWE: CWE-335
CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Gen…
Vendor / Product: DAVIDO / Bytes::Random::Secure::Tiny
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
DAVIDO	Bytes::Random::Secure::Tiny	—	0 ≤ 1.011

Weakness (CWE)

CWE	Source	Description
CWE-335	cna	CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (4)