Vulnerability Description
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/daoswald/Bytes-Random-Secure-Tiny/issues/6
- https://github.com/daoswald/Bytes-Random-Secure-Tiny/pull/7
- https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-
- https://www.cve.org/CVERecord?id=CVE-2026-41564
FAQ
What is CVE-2026-11702?
CVE-2026-11702 is a vulnerability with a CVSS score of 7.5 (HIGH). Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared ...
How severe is CVE-2026-11702?
CVE-2026-11702 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-11702?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.