Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2026-6659 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-6659

CVE-2026-6659

HIGH7.5

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts

Published May 8, 2026

Modified 1 weeks ago

Details

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.

The built-in rand function is predictable, and unsuitable for cryptography.

References

WEB

http://www.openwall.com/lists/oss-security/2026/05/08/17

FIX

https://github.com/ronsavage/Crypt-PasswdMD5/commit/a2f821637db0296082297aa4b02254ab08f0dc5e.patch

WEB

https://github.com/ronsavage/Crypt-PasswdMD5/pull/3

WEB

https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.42/source/lib/Crypt/PasswdMD5.pm#L35-47

WEB

https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.43/changes

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-6659

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

Other

CWE-338

Ecosystems

Timeline

PublishedMay 8, 2026

ModifiedMay 26, 2026