CVE-2026-12205

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: CPANSec

Description
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-323
Description: Nonces should be used for the present occasion and only once.
Executive Summary

This vulnerability affects Crypt::DSA versions before 1.21 for Perl, where the nonce used in digital signatures is reused across multiple signatures.

Specifically, the Crypt::DSA::sign function caches the nonce material in the Key object and does not clear it, causing the same nonce to be reused for every signature made with that Key object.

Reusing the nonce results in identical 'r' values in signatures, which can lead to the recovery of the private key.

Impact Analysis

If you use an affected version of Crypt::DSA to sign data multiple times with the same Key object, the private key can be recovered by an attacker due to nonce reuse.

This compromises the security of your cryptographic signatures, potentially allowing attackers to forge signatures or impersonate you.

Keys used to sign more than once with an affected version should be considered compromised.

Mitigation Strategies

To mitigate this vulnerability, you should consider any keys used to sign more than once with Crypt::DSA versions before 1.21 as compromised.

Update Crypt::DSA to version 1.21 or later where the nonce reuse issue is fixed.

Revoke and replace any compromised keys that were used with the affected versions.
