CVE-2026-2588 — CRITICAL (9.1)

Q: How severe is CVE-2026-2588?

CVE-2026-2588 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-2588?

Check the references section above for vendor advisories and patch information. Affected products include: Timlegge Crypt\.

Vulnerability Description

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Timlegge	Crypt\	<= 2.001, \

Related Weaknesses (CWE)

CWE-190

References

FAQ

What is CVE-2026-2588?

CVE-2026-2588 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium ...

How severe is CVE-2026-2588?

CVE-2026-2588 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-2588?

Check the references section above for vendor advisories and patch information. Affected products include: Timlegge Crypt\.