CVE-2026-5086

Description

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

References

• https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes