CVE-2026-5086
Received Received - Intake
Timing Attack Vulnerability in Crypt::SecretBuffer Perl Module

Publication date: 2026-04-13

Last updated on: 2026-05-06

Assigner: CPANSec

Description
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5086
EUVD
EUVD-2026-22136
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nerdvana crypt to 0.019 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Crypt::SecretBuffer versions before 0.019 for Perl and is related to timing attacks.

If Crypt::SecretBuffer is used to store and compare plaintext passwords, differences in the time it takes to perform these operations can be exploited by an attacker to guess the secret password.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade Crypt::SecretBuffer to version 0.019 or later.

Impact Analysis

The vulnerability can allow an attacker to infer secret information, such as plaintext passwords, by measuring timing discrepancies during password comparison.

This could lead to unauthorized access if an attacker successfully guesses passwords based on timing information.

Compliance Impact

The provided information does not specify how CVE-2026-5086 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5086. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart