Vulnerability Description
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/daoswald/Bytes-Random-Secure/issues/3
- https://github.com/daoswald/Bytes-Random-Secure/pull/4
- https://security.metacpan.org/patches/B/Bytes-Random-Secure/0.29/CVE-2026-11625-
- https://www.cve.org/CVERecord?id=CVE-2026-41564
FAQ
What is CVE-2026-11625?
CVE-2026-11625 is a vulnerability with a CVSS score of 7.5 (HIGH). Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the int...
How severe is CVE-2026-11625?
CVE-2026-11625 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-11625?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.