CWE-338

Medium likelihood

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Parent: CWE-330 - Use of Insufficiently Random Values

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

184 vulnerabilities with CWE-338
CVE-2026-11832 ANALYSIS PENDING
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce
CVE-2026-9638 HIGH
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts
CVSS 7.5
CVE-2026-46493 HIGH
haxtheweb/haxcms-php uses insecure method for generating salt
CVSS 7.5
CVE-2026-11347 HIGH
Hardcoded Cryptographic Keys and Weak IV Generation in Linqi Application
CVE-2026-41858 HIGH
Cloud Foundry Foundation Windows-utilities-release < 0.23.0 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVSS 7.5
CVE-2026-8647 MEDIUM
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available
CVSS 4.8
CVE-2026-47372 CRITICAL
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts
CVSS 9.1
CVE-2026-42155 CRITICAL
Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs
CVE-2026-8503 MEDIUM
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids
CVSS 6.5
CVE-2026-6146 MEDIUM
Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys
CVSS 5.3
CVE-2026-5084 MEDIUM
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely
CVSS 6.5
CVE-2026-6659 HIGH
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts
CVSS 7.5
CVE-2026-41505 HIGH
RELATE: Predictable Token Generation in auth.py and exam.py
CVSS 8.7
CVE-2026-5080 MEDIUM
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely
CVSS 5.9
CVE-2026-40514 MEDIUM
SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG
CVSS 5.9
CVE-2026-41564 HIGH
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking
CVSS 7.5
CVE-2026-5088 HIGH
Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts
CVSS 7.5
CVE-2026-5085 CRITICAL
Solstice::Session versions through 1440 for Perl generates session ids insecurely
CVSS 9.1
CVE-2026-5083 MEDIUM
Ado::Sessions versions through 0.935 for Perl generates insecure session ids
CVSS 5.3
CVE-2026-5082 MEDIUM
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id
CVSS 5.3
CVE-2026-25726 HIGH
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
CVSS 8.1
CVE-2026-34871 MEDIUM
Mbed TLS <3.6.6/4.x<4.1.0 - Predictable PRNG
CVSS 6.7
CVE-2026-5087 HIGH
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
CVSS 7.5
CVE-2026-3256 CRITICAL
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids
CVSS 9.8
CVE-2026-3255 MEDIUM
HTTP::Session2 <1.12 - Weak Session ID
CVSS 6.5