CVE-2026-46474
HIGHTrog::TOTP versions before 1.006 for Perl generate secrets using rand
Title source: cnaDescription
Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
References (3)
Core 3
Core References
Release Notes release-notes
https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/changes
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
23.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-331
Status
published
Products (1)
TEODESIAN/Trog::TOTP
< 1.006
Published
May 15, 2026
Tracked Since
May 15, 2026