CVE-2026-11702
HIGHBytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
Title source: cnaDescription
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.
References (5)
Core 5
Core References
Issue Tracking issue-tracking
https://github.com/daoswald/Bytes-Random-Secure-Tiny/pull/7
Issue Tracking issue-tracking
https://github.com/daoswald/Bytes-Random-Secure-Tiny/issues/6
Patch patch
https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch
Related related
https://www.cve.org/CVERecord?id=CVE-2026-41564
Related related
https://www.cve.org/CVERecord?id=CVE-2026-11625
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
21.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-335
Status
published
Products (1)
DAVIDO/Bytes::Random::Secure::Tiny
< 1.011
Published
Jun 26, 2026
Tracked Since
Jun 26, 2026