PatchSiren cyber security CVE debrief
CVE-2026-11832 BIAFRA CVE debrief
CVE-2026-11832 is a vulnerability in Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl. The plugin defaults to a predictable nonce generated using an MD5 hash of the epoch time.
- Vendor: BIAFRA
- Product: Dancer2::Plugin::Auth::OAuth
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-16
Who should care
Users of Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The default nonce was generated using an MD5 hash of the epoch time, which is predictable. Hashing the time does not add any secret input, so the nonce can be recomputed by anyone who knows approximately when it was generated.
Defensive priority
high
Recommended defensive actions
- Update to version 0.22 or later of Dancer2::Plugin::Auth::OAuth
- Use a secure random number generator to generate nonces
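The following added example (not the plugin's code) contrasts a time-derived nonce with one drawn from the operating system's CSPRNG, and includes an audit check that flags logged nonces matching the weak scheme. It assumes the weak nonce is the hex MD5 of integer epoch seconds and that a Unix-like `/dev/urandom` is available; all function names and sample values are hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak scheme as described in the advisory (assumed form: hex MD5 of epoch seconds).
sub weak_nonce {
    my ($epoch) = @_;
    return md5_hex($epoch);
}

# Hardened form: 16 bytes from the OS CSPRNG, hex-encoded (128 bits of entropy).
sub strong_nonce {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $buf;
    my $n = read($fh, $buf, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    return unpack('H*', $buf);
}

# Audit check: returns the matching epoch if the nonce equals MD5 of any
# second within +/- $window of the time the request was logged, else undef.
sub is_time_derived {
    my ($nonce, $seen_at, $window) = @_;
    for my $t ($seen_at - $window .. $seen_at + $window) {
        return $t if lc($nonce) eq md5_hex($t);
    }
    return;
}

# Constructed sample data: one nonce per logged request.
my $logged_at = 1781561775;    # constructed epoch value
my @observed = (
    { nonce => weak_nonce($logged_at - 2), seen => $logged_at },
    { nonce => strong_nonce(),             seen => $logged_at },
);

for my $o (@observed) {
    my $t = is_time_derived($o->{nonce}, $o->{seen}, 300);
    printf "%s  %s\n", $o->{nonce},
        defined $t ? "TIME-DERIVED (epoch $t): upgrade or override the default"
                   : "not derived from a nearby timestamp";
}
```

A five-minute window needs only 601 MD5 computations per nonce, which is why the check is cheap enough to run over request logs after upgrading to confirm the weak default is no longer in use.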
Evidence notes
The CVE record and NVD detail provide information on the vulnerability.
Official resources
- CVE-2026-11832 CVE record (CVE.org)
- CVE-2026-11832 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 9b29abf9-4ab0-4765-b253-1875cd9b441e
CVE-2026-11832 was published on 2026-06-15T22:16:15.400Z.