CVE-2026-5085
Received Received - Intake
Predictable Session ID Vulnerability in Solstice::Session Perl Module

Publication date: 2026-04-13

Last updated on: 2026-04-23

Assigner: CPANSec

Description
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution. The epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash refences will contain predictable content. The built-in rand() function is seeded by 16-bits and is unsuitable for security purposes. The process id comes from a small set of numbers. Predictable session ids could allow an attacker to gain access to systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5085
EUVD
EUVD-2026-21885
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mcrawfor solstice *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-340 The product uses a scheme that generates numbers or identifiers that are more predictable than required.
CWE-338 The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Solstice::Session versions through 1440 for Perl, where session IDs are generated insecurely.

The method generating session IDs uses an MD5 digest seeded by predictable values: the epoch time, a random hash reference, the built-in rand() function, and the process ID.

Because these seed values are predictable or guessable (for example, epoch time can be guessed if not leaked in HTTP headers, the hash references contain predictable content, rand() is seeded with only 16 bits, and process IDs come from a small set), the resulting session IDs can be predicted.

Predictable session IDs allow attackers to potentially guess valid session identifiers and gain unauthorized access to systems.

Impact Analysis

Because session IDs are predictable, an attacker could guess or forge valid session identifiers.

This could allow unauthorized access to user sessions, leading to potential data breaches, impersonation of legitimate users, and unauthorized actions within the affected system.

Detection Guidance

This vulnerability involves predictable session IDs generated by the Solstice::Session and Solstice::Subsession Perl modules using MD5 digests seeded with predictable values such as epoch time, process ID, and a weak random number generator.

To detect this vulnerability on your system, you can monitor session IDs used by the application and check for predictability or weak randomness. Specifically, you can capture session cookies and analyze their values for patterns or reuse.

  • Use network traffic capture tools like tcpdump or Wireshark to capture HTTP traffic and extract session cookies.
  • Example command to capture HTTP traffic on port 80 and save to a file: tcpdump -i any -s 0 -w capture.pcap port 80
  • Use tools like tshark or Wireshark to filter and extract cookie headers from the capture file.
  • Analyze the session ID values for predictability, such as repeated patterns, timestamps, or low entropy.

Additionally, reviewing application logs or debugging output for session ID generation details may help identify the use of the vulnerable Solstice::Session or Solstice::Subsession modules.

Mitigation Strategies

Immediate mitigation steps focus on preventing attackers from exploiting predictable session IDs to gain unauthorized access.

  • Update or patch the Solstice::Session and Solstice::Subsession modules to versions that use secure, cryptographically strong session ID generation methods instead of MD5 seeded with predictable values.
  • If updating is not immediately possible, consider implementing additional session management controls such as regenerating session IDs after login and enforcing short session timeouts.
  • Ensure that HTTP headers like Date do not leak epoch time information that could aid attackers in guessing session IDs.
  • Monitor and log suspicious session activity to detect potential exploitation attempts.

Longer term, replace the weak random number generation and MD5-based session ID creation with a secure cryptographic random number generator.

Compliance Impact

The vulnerability in Solstice::Session and Solstice::Subsession involves insecure generation of session IDs using predictable inputs such as epoch time, a random hash reference, the built-in rand() function, and the process ID. This predictability could allow attackers to guess session IDs and gain unauthorized access to systems.

Such unauthorized access risks compromising user data confidentiality and integrity, which are critical requirements under common standards and regulations like GDPR and HIPAA. Failure to adequately protect session identifiers may lead to violations of these regulations' mandates on protecting personal and sensitive information.

Therefore, this vulnerability could negatively impact compliance by exposing systems to session hijacking attacks, potentially resulting in unauthorized data access and breaches of regulatory requirements.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5085. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart