Review
JJNAPIORK
CVE published 2026-05-21
CVE-2026-5091
CVE-2026-5091 describes a timing side-channel weakness in Catalyst::Plugin::Authentication for Perl. Versions through 0.10024 used Perl's built-in eq operator when checking authentication data, and timing differences in that comparison could help an attacker guess the underlying hash or password. The supplied NVD record maps the issue to CWE-208 and cites a GitHub patch plus a MetaCPAN changelog as references.
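To make the weakness class concrete, here is an added example (not the referenced GitHub patch and not the plugin's own code) that puts an eq-based credential check beside one using a comparison with no early exit. The names ct_eq, verify_with_eq and verify_with_ct_eq are hypothetical, and the stored SHA-256 digest is constructed sample data.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Hypothetical helper (not the plugin's API): compare two strings without
# stopping at the first mismatch. Best effort only: the Perl interpreter
# gives no hard timing guarantees.
sub ct_eq {
    my ($got, $want) = @_;
    return 0 unless defined $got && defined $want;

    # Work on UTF-8 encoded copies so ord() below always sees single bytes.
    my ($g, $w) = ($got, $want);
    utf8::encode($g);
    utf8::encode($w);

    # The length of a fixed-size digest is not secret, so reject early here.
    return 0 if length($g) != length($w);

    # OR together the XOR of every byte pair; every position is visited.
    my $diff = 0;
    $diff |= ord(substr($g, $_, 1)) ^ ord(substr($w, $_, 1))
        for 0 .. length($g) - 1;
    return $diff == 0 ? 1 : 0;
}

# The pattern CWE-208 covers: eq applied directly to the credential digest.
sub verify_with_eq {
    my ($supplied, $stored) = @_;
    return sha256_hex($supplied) eq $stored ? 1 : 0;
}

# Same check with only the comparison swapped for ct_eq.
sub verify_with_ct_eq {
    my ($supplied, $stored) = @_;
    return ct_eq(sha256_hex($supplied), $stored);
}

# Constructed sample data: both checks must agree on accept/reject.
my $stored = sha256_hex('correct horse battery staple');
for my $try ('correct horse battery staple', 'wrong guess', '') {
    printf "%-32s eq=%d ct_eq=%d\n", "'$try'",
        verify_with_eq($try, $stored), verify_with_ct_eq($try, $stored);
}
```

Both functions return the same accept/reject result for every input; the difference is only in how much the running time of the comparison depends on the position of the first mismatching byte.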