Zero Day Monitor (ZDM)
7.5 · CVE-2026-11625 · EXPLOITED · PATCHED
perl · bytes::random::secure

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Description

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, the internal state of the PRNG is shared across processes and identical random streams are produced. Secrets generated in multiprocess applications are predictable across processes.

Affected Products

Vendor | Product | Versions
perl | bytes::random::secure | 0

References

  • https://github.com/daoswald/Bytes-Random-Secure/issues/3 (issue-tracking)
  • https://github.com/daoswald/Bytes-Random-Secure/pull/4 (issue-tracking)
  • https://security.metacpan.org/patches/B/Bytes-Random-Secure/0.29/CVE-2026-11625-r1.patch (patch)
  • https://www.cve.org/CVERecord?id=CVE-2026-41564 (related)

Related News (2 articles)

Tier C · oss-security · 1d ago
CVE-2026-11625: Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
→ No new info (linked only)

Tier C · VulDB · 1d ago
CVE-2026-11625 | DAVIDO Bytes::Random::Secure up to 0.29 on Perl Functional Interface prng seed
→ No new info (linked only)

CVSS 3.1: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: https://security.metacpan.org/patches/B/Bytes-Random-Secure/0.29/CVE-2026-11625-r1.patch
CWE: CWE-335
Published: Jun 26, 2026
Last enriched: 1d ago (v3)
Tags: CVE-2026-11625
Trending Score: 57
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-11702 · EXP
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
Trending: 57

HIGH · CVE-2026-48962 · EXP
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Trending: 52

HIGH · CVE-2026-12844 · EXP
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function
Trending: 47

NONE · CVE-2026-12087 · EXP
Socket versions before 2.041 for Perl have an out-of-bounds heap read
Trending: 17

NONE · CVE-2026-9698 · EXP
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
Trending: 6

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 26, 2026
Discovered by ZDM: Jun 26, 2026
Updated: severity, activelyExploited, tags (Jun 26, 2026)
Updated: cvssEstimate (Jun 26, 2026)
Actively Exploited: Jun 26, 2026
Patch Available: Jun 26, 2026

Version History

v3 · Tier C · 1d ago

Updated CVSS estimate to 0.0 and corrected patch availability to null.

cvssEstimate
via oss-security

v2 · Tier C · 1d ago

Updated severity to HIGH, marked as actively exploited, and noted no exploit available.

severity, activelyExploited, tags
via VulDB

v1 · 1d ago

Initial creation