CVE-2026-11832

Vulnerability Description

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.

The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Vulnerability Details

Published Date

June 15, 2026

Last Modified

June 15, 2026

CWE ID

CWE-338

Source

NVD

Vendor

BIAFRA

Product

Dancer2::Plugin::Auth::OAuth

External References

https://datatracker.ietf.org/doc/html/rfc5849#section-3.3
https://datatracker.ietf.org/doc/html/rfc5849#section-4.9
https://metacpan.org/release/BIAFRA/Dancer2-Plugin-Auth-OAuth-0.22/changes
https://www.cve.org/CVERecord?id=CVE-2025-22376

CVE-2026-11832

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment