Vulnerability Description
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.
Related Weaknesses (CWE)
References
- https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492
- https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_025/chang
- http://www.openwall.com/lists/oss-security/2026/05/21/19
FAQ
What is CVE-2026-5091?
CVE-2026-5091 is a documented vulnerability. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess ...
How severe is CVE-2026-5091?
CVSS scoring is not yet available for CVE-2026-5091. Check NVD for updates.
Is there a patch for CVE-2026-5091?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.