CVE-2026-11625
Publication date 26 June 2026
Last updated 29 June 2026
Ubuntu priority
Description
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libbytes-random-secure-perl | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.5 · High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-11625
- https://lists.security.metacpan.org/cve-announce/msg/41305966/
- https://github.com/daoswald/Bytes-Random-Secure/issues/3
- https://github.com/daoswald/Bytes-Random-Secure/pull/4
- https://security.metacpan.org/patches/B/Bytes-Random-Secure/0.29/CVE-2026-11625-r1.patch
- https://www.cve.org/CVERecord?id=CVE-2026-41564