PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13082 BURAK CVE debrief

CVE-2026-13082 is a vulnerability in GD::SecurityImage versions up to 1.75 for Perl. The module uses the rand function to generate secrets, which is unsuitable for security applications due to its predictability and reversibility. This vulnerability affects developers and administrators using GD::SecurityImage 1.75 for Perl in security-related applications. The vulnerability has a medium defensive priority, and defenders should review and update GD::SecurityImage to a version that uses a cryptographically secure pseudo-random number generator.

Vendor
BURAK
Product
GD::SecurityImage
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Developers and administrators using GD::SecurityImage 1.75 for Perl in security-related applications should be aware of this vulnerability. They should review and update GD::SecurityImage to a version that uses a cryptographically secure pseudo-random number generator and implement additional security measures to mitigate the vulnerability.

Technical summary

The GD::SecurityImage module generates challenge text for CAPTCHA by sampling characters from an array using Perl's built-in rand function, creating a six-character string by default. However, the rand function is predictable and reversible, making it unsuitable for security applications. To mitigate the vulnerability, defenders should implement additional security measures, such as using a secure random number generator. The vulnerability has a medium defensive priority, and defenders should review and update GD::SecurityImage to a version that uses a cryptographically secure pseudo-random number generator.

Defensive priority

Medium

Recommended defensive actions

  • Review and update GD::SecurityImage to a version that uses a cryptographically secure pseudo-random number generator.
  • Implement additional security measures, such as using a secure random number generator, to mitigate the vulnerability.
  • Monitor for potential attacks exploiting this vulnerability.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-07-17T13:17:55.443Z and has not been modified since then. The NVD entry is currently Deferred. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The rand function used in GD::SecurityImage is predictable and reversible, making it unsuitable for security applications. To verify the vulnerability, defenders should review the official advisory and CVE record.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T13:17:55.443Z and has not been modified since then.