HIGHCVE-2026-46474Published 2026-05-15Modified 2026-05-18CNA CPANSec

CVE-2026-46474: Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 1.006
Affected Products: 1

Fix available

1.006

Affected packages

TEODESIAN / Trog::TOTP
< 1.006 (from 0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

metacpan.org
metacpan.org

Metrics

Fix available