Zero Day Monitor (ZDM)
7.5
CVE-2026-11702 · EXPLOITED · PATCHED
perl · bytes::random::secure::secure::tiny

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes

Description

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.

Affected Products

Vendor: perl
Product: bytes::random::secure::secure::tiny
Versions: 0

References

  • https://github.com/daoswald/Bytes-Random-Secure-Tiny/issues/6 (issue-tracking)
  • https://github.com/daoswald/Bytes-Random-Secure-Tiny/pull/7 (issue-tracking)
  • https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch (patch)
  • https://www.cve.org/CVERecord?id=CVE-2026-41564 (related)

Related News (2 articles)

Tier C · oss-security · 1d ago
CVE-2026-11702: Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
→ No new info (linked only)

Tier C · VulDB · 1d ago
CVE-2026-11702 | DAVIDO Bytes::Random::Secure::Tiny up to 1.011 on Perl prng seed
→ No new info (linked only)

CVSS 3.1: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch
CWE: CWE-335
Published: Jun 26, 2026
Last enriched: 1d ago (v3)
Tags: prng, seed manipulation, CPAN Security Group
Trending Score: 57
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-11625 · EXP
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
Trending: 57

HIGH · CVE-2026-48962 · EXP
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Trending: 52

HIGH · CVE-2026-12844 · EXP
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function
Trending: 47

NONE · CVE-2026-12087 · EXP
Socket versions before 2.041 for Perl have an out-of-bounds heap read
Trending: 17

NONE · CVE-2026-9698 · EXP
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
Trending: 6

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 26, 2026
Discovered by ZDM: Jun 26, 2026
Updated (severity, activelyExploited, tags): Jun 26, 2026
Updated (cvssEstimate, tags): Jun 26, 2026
Actively Exploited: Jun 26, 2026
Patch Available: Jun 26, 2026

Version History

Current version: v3, last enriched 1d ago

v3 · Tier C · 1d ago
Updated tags to include 'CPAN Security Group' and set patchAvailable to null.
Changed: cvssEstimate, tags
via oss-security

v2 · Tier C · 1d ago
Updated severity to HIGH, marked as actively exploited, and added new tags related to prng and seed manipulation.
Changed: severity, activelyExploited, tags
via VulDB

v1 · 1d ago
Initial creation