CVE-2026-5087
Received Received - Intake
Insecure Randomness in PAGI::Middleware::Session::Store::Cookie Enables Session Tampering

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: CPANSec

Description
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications. This modules does not use the Crypt::URandom module, and installing it will not fix the problem. The random bytes are used for generating an initialisation vector (IV) to encrypt the cookie. A predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5087
EUVD
EUVD-2026-17531
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jjnapiork pagi to 0.001003 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1204 The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.
CWE-338 The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl arises from insecure generation of random bytes used for the initialization vector (IV) in encryption.

The module tries to read random bytes from /dev/urandom for cryptographically secure randomness. However, if /dev/urandom is unavailable (such as on Windows systems), it falls back to using Perl's built-in rand() function, which is not suitable for cryptographic purposes.

This fallback results in predictable IVs, which can make it easier for attackers to decrypt or tamper with the encrypted session data stored in cookies.

Impact Analysis

This vulnerability can impact you by allowing malicious users to potentially decrypt and modify session data stored in cookies.

Because the initialization vector (IV) used in AES-256-GCM encryption may be predictable due to insecure random byte generation, attackers might detect patterns or tamper with session information.

This could lead to unauthorized access, session hijacking, or manipulation of user sessions, compromising the security and integrity of your application.

Detection Guidance

This vulnerability can be detected by checking if the PAGI::Middleware::Session::Store::Cookie Perl module is used in your application and whether it is generating initialization vectors (IVs) using insecure methods.

Specifically, detection involves verifying if the module attempts to read from /dev/urandom and falls back to Perl's built-in rand() function when /dev/urandom is unavailable, which is insecure.

You can look for runtime warnings emitted by the module recommending the installation of Crypt::URandom, which indicates fallback to insecure random byte generation.

  • On Unix-like systems, check if /dev/urandom is accessible: `ls -l /dev/urandom`
  • Search your Perl application code or dependencies for usage of PAGI::Middleware::Session::Store::Cookie and check its version (should be through 0.001003).
  • Run your Perl application with warnings enabled and monitor logs for warnings about missing Crypt::URandom or fallback to rand().
  • Use Perl commands to check the module version, for example: `perl -MPAGI::Middleware::Session::Store::Cookie -e 'print $PAGI::Middleware::Session::Store::Cookie::VERSION . "\n";'`
Mitigation Strategies

Immediate mitigation steps include ensuring that the system provides access to a secure source of randomness such as /dev/urandom.

Since installing Crypt::URandom does not fix the problem, the best approach is to run the application on a platform where /dev/urandom is available and accessible.

Alternatively, consider updating or patching the PAGI::Middleware::Session::Store::Cookie module to a version that securely generates IVs without falling back to insecure methods.

In the short term, monitor for any warnings about insecure IV generation and avoid running the application on platforms like Windows where /dev/urandom is not present.

Also, ensure that the secret key used for AES encryption is strong (at least 32 bytes) to reduce risk.

Compliance Impact

The vulnerability involves insecure generation of random bytes used as initialization vectors (IVs) for encrypting session cookies. Predictable IVs may allow attackers to decrypt or tamper with session data stored in cookies.

This weakness could impact compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data. If session data can be decrypted or altered by attackers, it may lead to unauthorized access or data breaches, violating confidentiality and data integrity requirements.

Therefore, the vulnerability poses a risk to maintaining secure session management and protecting user data, which are critical for meeting regulatory obligations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5087. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart