CRITICAL | CVE-2026-12205 | Published | Modified | CNA: CPANSec

CVE-2026-12205: Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.
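
A simplified model of the behaviour described above, as an added example (not Crypt::DSA's code and not part of the advisory record): a toy DSA signer that keeps its first nonce on the key object still produces signatures that verify, so functional tests pass and only comparing "r" across stored signatures reveals which keys need rotation. The `Key` class, the `keep_cache` flag, the toy parameter sizes and the sample messages are assumptions made for illustration.

```python
import hashlib, math, secrets
from collections import defaultdict

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

# Toy parameters (assumption, far too small for real use): q prime,
# p = 2*j*q + 1 prime, g of order q modulo p.
Q = 2**31 - 1
P = next(p for p in (2 * j * Q + 1 for j in range(1, 10_000)) if is_prime(p))
G = pow(2, (P - 1) // Q, P)

def h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

class Key:  # hypothetical key object that can hold on to a nonce
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # private key
        self.y = pow(G, self.x, P)              # public key
        self.cached_k = None

def sign(key, msg, keep_cache):
    # keep_cache=True models the flaw: the first nonce stays on the key
    # object and every later call reuses it.
    if key.cached_k is None or not keep_cache:
        key.cached_k = secrets.randbelow(Q - 1) + 1
    k = key.cached_k
    r = pow(G, k, P) % Q                        # depends only on the nonce
    s = pow(k, -1, Q) * (h(msg) + key.x * r) % Q
    return r, s                                 # r == 0 / s == 0 retry omitted

def verify(y, msg, sig):
    r, s = sig
    w = pow(s, -1, Q)
    return pow(G, h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def keys_with_repeated_r(records):
    """records: (key_id, msg, (r, s)). An exact duplicate record is not flagged."""
    seen = defaultdict(set)
    for key_id, msg, (r, s) in records:
        seen[key_id, r].add((msg, s))
    return sorted({kid for (kid, _), sigs in seen.items() if len(sigs) > 1})

def demo():
    msgs = [b"invoice-1", b"invoice-2", b"invoice-3"]   # constructed input
    buggy, fresh = Key(), Key()
    records = [("buggy", m, sign(buggy, m, True)) for m in msgs]
    records += [("fresh", m, sign(fresh, m, False)) for m in msgs]
    pub = {"buggy": buggy.y, "fresh": fresh.y}
    return all(verify(pub[k], m, sig) for k, m, sig in records), keys_with_repeated_r(records)
```
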

Metrics

  • CVSS v3.1: 9.1
  • Severity: CRITICAL
  • Fixed in: 1.21
  • Affected Products: 1


HarborGuard Analysis

Synopsis

Nonce reuse in Crypt::DSA (Perl) before version 1.21 allows an attacker to recover the private signing key from any two signatures produced by the same Key object. The vulnerability is reachable over the network without authentication, as any service that signs data and returns or exposes signatures to remote clients leaks the material needed for key recovery. Successful exploitation gives the attacker the private DSA key, enabling them to forge arbitrary signatures on behalf of the compromised identity. A patched-image rebuild at version 1.21 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from CPANSec and upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle Crypt::DSA as a vendored or system dependency. Any image layer containing a Crypt::DSA installation below 1.21 is flagged automatically.

Status: Available

Triage

HarborGuard scores this finding at CVSS 9.1 Critical (v3.1) and surfaces it at the top of the severity queue, weighted further by any per-environment compliance policies the customer has configured. Findings are routed to the team inbox or ticketing integration mapped to the affected registry or pipeline in each customer organization.

Status: Available

Patch

A patched-image rebuild pinned to Crypt::DSA 1.21 becomes available through HarborGuard as soon as the fix version is confirmed in the advisory record. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test suite against the new layer, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the signing service over the network to collect two or more signatures produced by the same Key object.

  • Authentication: Not required

    No credentials are needed; any unauthenticated client that can request signatures from the affected service obtains the necessary material.

  • Victim interaction: Not required

    No user action is required; the vulnerability is triggered purely by the service performing its normal signing operations.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free once two signatures with the same nonce are collected, as the key recovery math is deterministic with no environmental dependencies.

Blast Radius

  • Attacker recovers the full private DSA key from as few as two observed signatures, with no further access to the host required.
  • With the recovered private key, the attacker forges valid signatures on arbitrary data, bypassing any integrity or authenticity guarantee that key was providing.
  • All previously issued signatures from the compromised key can no longer be trusted, requiring revocation and re-issuance of dependent certificates or tokens.

How HarborGuard Handles This

Available on HarborGuard: images containing Crypt::DSA below 1.21 are matched against this CVE within minutes of publication, including custom-built Perl images that vendor the library directly. For environments with auto-remediation enabled, HarborGuard rebuilds the image at Crypt::DSA 1.21, runs a regression pass, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in those environments. For environments where compliance policy requires manual approval before remediation, the finding is queued at Critical priority with full CVSS detail and routing to the designated team inbox. Because this vulnerability results in permanent key compromise for any Key object that signed more than once, customers should also treat any DSA private key used with an affected version as compromised and rotate it regardless of patch status.


Fix available: 1.21

Affected packages
  • TIMLEGGE / Crypt::DSA
    < 1.21 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N