CVE-2026-9537
Received Received - Intake

Timing Attack in Mojo::JWT Perl Library

Vulnerability report for CVE-2026-9537, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: CPANSec

Description

Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of matching leading bytes. A caller that decodes attacker supplied tokens leaks the expected signature through this timing variation, which can be aggregated over many requests to recover the signature and forge a token.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mojo jwt to 1.02 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Mojo::JWT versions before 1.02 for Perl have a timing side-channel vulnerability in HMAC signature verification. The decode() method uses Perl's eq operator for comparison, which stops at the first differing byte. This causes the comparison time to vary based on matching leading bytes, allowing attackers to leak the secret signature through timing differences over multiple requests.

Detection Guidance

To detect this vulnerability, check if your system uses Mojo::JWT versions before 1.02. Run: perl -MMojo::JWT -e 'print $Mojo::JWT::VERSION' to verify the installed version. If the output is less than 1.02, the system is vulnerable.

Impact Analysis

An attacker could exploit this to recover the secret key used for signing tokens by measuring response times. Once the key is obtained, they can forge valid tokens and impersonate users or gain unauthorized access to systems relying on Mojo::JWT for authentication.

Compliance Impact

This vulnerability could potentially violate compliance requirements under GDPR and HIPAA by exposing sensitive data through timing side-channel attacks. Attackers could exploit the timing variation to recover secret keys used for token verification, leading to unauthorized access to protected information.

Mitigation Strategies

Upgrade Mojo::JWT to version 1.02 or later immediately. Use: cpan Mojo::JWT or cpanm Mojo::JWT to update the module. Ensure all dependent applications are restarted to apply the fix.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9537. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart