HIGH
TCHATZI
CVE published 2026-05-21
CVE-2026-46473
CVE-2026-46473 describes a high-severity weakness in Authen::TOTP versions before 0.1.1: secrets were generated with Perl’s built-in rand function. Because rand is predictable and not appropriate for security-sensitive secret generation, affected deployments may produce weak TOTP secrets. The issue was published on 2026-05-21 and the source record points to a fix in the 0.1.1 release.
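To illustrate the weakness class described above, the following added example (not code from Authen::TOTP or its author) contrasts a rand-based secret generator with one that reads from the operating system CSPRNG. The function names `weak_secret` and `strong_secret`, the 20-byte secret length, the seed value and the use of /dev/urandom on a Unix-like host are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 4648 base32 alphabet, the usual encoding for TOTP shared secrets.
my @B32 = ('A' .. 'Z', '2' .. '7');

# Encode raw bytes as unpadded base32.
sub base32_encode {
    my ($bytes) = @_;
    my $bits = unpack('B*', $bytes);
    $bits .= '0' x ((5 - length($bits) % 5) % 5);   # pad to a multiple of 5 bits
    return join '', map { $B32[ oct("0b$_") ] } $bits =~ /(.{5})/g;
}

# WEAK (hypothetical helper, illustration only): every byte comes from
# Perl's rand(), so the whole secret is a deterministic function of the
# PRNG seed.
sub weak_secret {
    my ($len) = @_;
    return base32_encode(join '', map { chr(int(rand(256))) } 1 .. $len);
}

# HARDENED (hypothetical helper): bytes come from the operating system CSPRNG.
# Assumes a Unix-like host that provides /dev/urandom.
sub strong_secret {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $len);
    close($fh);
    die "short read from /dev/urandom" unless defined $got && $got == $len;
    return base32_encode($buf);
}

# Constructed demonstration: the same seed reproduces the same "secret".
srand(12345);
my $first = weak_secret(20);
srand(12345);
my $second = weak_secret(20);
print "rand-based, seed 12345: $first\n";
print "rand-based, seed 12345: $second\n";
print "identical: ", ($first eq $second ? "yes" : "no"), "\n";

# Two CSPRNG-backed secrets for comparison; no seed controls these.
print "urandom-based:          ", strong_secret(20), "\n";
print "urandom-based:          ", strong_secret(20), "\n";
```

Secrets enrolled while an affected version was in use stay weak after upgrading, so plan to regenerate and re-enroll them once the fixed release is deployed.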