CRITICAL
CHORNY
CVE published 2026-05-06
CVE-2026-5081
CVE-2026-5081 is a critical vulnerability in Apache::Session::Generate::ModUniqueId, a Perl module used for generating session IDs. The vulnerability arises from the module's use of the UNIQUE_ID environment variable, which is set by the Apache mod_unique_id plugin. This variable is based on the server's IPv4 address, process ID, epoch time, a 16-bit counter, and a thread index, with no obfuscation. As a [truncated]