CVE-2026-11702

HIGH

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes

Title source: cna
STIX 2.1

Description

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.

Scores

CVSS v3 7.5
EPSS 0.0029
EPSS Percentile 21.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-335
Status published
Products (1)
DAVIDO/Bytes::Random::Secure::Tiny < 1.011
Published Jun 26, 2026
Tracked Since Jun 26, 2026