Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Crypt::DSA by TIMLEGGE

    CVE-2026-14570 (GCVE-0-2026-14570)

    Vulnerability from nvd – Published: 2026-07-05 01:30 – Updated: 2026-07-06 13:42
    VLAI
    Title
    Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery
    Summary
    Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , < 1.22 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-05T05:19:58.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/05/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:41:52.097549Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:42:11.715Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA/Util.pm",
                "lib/Crypt/DSA.pm",
                "lib/Crypt/DSA/KeyChain.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::Util::makerandom"
                },
                {
                  "name": "Crypt::DSA::sign"
                },
                {
                  "name": "Crypt::DSA::KeyChain::generate_keys"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThan": "1.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery.\n\n\"Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values.\"\n\nAn attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack.\n\nKeys used to sign with an affected version should be considered compromised and new keys should be generated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T01:30:12.849Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/source/lib/Crypt/DSA/Util.pm#L56"
            },
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.22/diff/TIMLEGGE/Crypt-DSA-1.21#lib/Crypt/DSA/Util.pm"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.22/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.22 or later, which draws the nonce and private key uniformly via rejection sampling (Crypt::DSA::Util::randombelow) with no forced high bit.\n\nRevoke and regenerate any keys used to sign with an affected version.\n\nCrypt::DSA was deprecated in version 1.20. You should migrate to another solution."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14570",
        "datePublished": "2026-07-05T01:30:12.849Z",
        "dateReserved": "2026-07-03T10:37:19.787Z",
        "dateUpdated": "2026-07-06T13:42:11.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12205 (GCVE-0-2026-12205)

    Vulnerability from nvd – Published: 2026-06-15 21:57 – Updated: 2026-06-16 16:13
    VLAI
    Title
    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery
    Summary
    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , < 1.21 (custom)
    Create a notification for this product.
    Credits
    Richard Kettlewell
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-15T22:44:28.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/15/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12205",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T16:13:28.769417Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T16:13:32.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::sign"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThan": "1.21",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Richard Kettlewell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.\n\nCrypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.\n\nThe first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical \"r\".\n\nKeys used to sign more than once with an affected version should be considered compromised."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T21:57:18.317Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.21\n\nRevoke any keys that may have been compromised.\n\nCrypt::DSA was deprecated in version 1.20. You should migrate to another solution."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Maintainer contacted"
            },
            {
              "lang": "en",
              "time": "2026-06-13T00:00:00.000Z",
              "value": "Maintainer and CPANSec contacted"
            },
            {
              "lang": "en",
              "time": "2026-06-14T00:00:00.000Z",
              "value": "Fixed version released"
            }
          ],
          "title": "Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-12205",
        "datePublished": "2026-06-15T21:57:18.317Z",
        "dateReserved": "2026-06-14T12:07:30.610Z",
        "dateUpdated": "2026-06-16T16:13:32.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8704 (GCVE-0-2026-8704)

    Vulnerability from nvd – Published: 2026-05-15 22:18 – Updated: 2026-05-18 15:06
    VLAI
    Title
    Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified
    Summary
    Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , ≤ 1.19 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-16T00:31:20.840Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/15/27"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T15:05:39.380389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T15:06:15.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA/Key.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::read"
                },
                {
                  "name": "Crypt::DSA::write"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThanOrEqual": "1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-23",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-23 File Content Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T22:18:15.917Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"
            },
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/Key.pm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.20"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "CPANSec identified issue"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Author was notified"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Version 1.20 released."
            }
          ],
          "title": "Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8704",
        "datePublished": "2026-05-15T22:18:15.917Z",
        "dateReserved": "2026-05-15T18:08:24.117Z",
        "dateUpdated": "2026-05-18T15:06:15.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8700 (GCVE-0-2026-8700)

    Vulnerability from nvd – Published: 2026-05-15 22:10 – Updated: 2026-05-18 15:04
    VLAI
    Title
    Crypt::DSA versions before 1.20 for Perl generate seeds using rand
    Summary
    Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , < 1.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-16T00:31:19.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/15/26"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8700",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T15:03:59.437060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T15:04:20.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA/KeyChain.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::generate_params"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA.git",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThan": "1.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions before 1.20 for Perl generate seeds using rand.\n\nSeeds were generated using Perl\u0027s built-in rand function, which is predictable and unsuitable for security usage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T22:10:52.242Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"
            },
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.20 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "CPANSec identified issue"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Author was notified"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Version 1.20 released."
            }
          ],
          "title": "Crypt::DSA versions before 1.20 for Perl generate seeds using rand",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8700",
        "datePublished": "2026-05-15T22:10:52.242Z",
        "dateReserved": "2026-05-15T17:20:11.254Z",
        "dateUpdated": "2026-05-18T15:04:20.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14570 (GCVE-0-2026-14570)

    Vulnerability from cvelistv5 – Published: 2026-07-05 01:30 – Updated: 2026-07-06 13:42
    VLAI
    Title
    Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery
    Summary
    Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , < 1.22 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-05T05:19:58.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/05/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:41:52.097549Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:42:11.715Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA/Util.pm",
                "lib/Crypt/DSA.pm",
                "lib/Crypt/DSA/KeyChain.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::Util::makerandom"
                },
                {
                  "name": "Crypt::DSA::sign"
                },
                {
                  "name": "Crypt::DSA::KeyChain::generate_keys"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThan": "1.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery.\n\n\"Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values.\"\n\nAn attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack.\n\nKeys used to sign with an affected version should be considered compromised and new keys should be generated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T01:30:12.849Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/source/lib/Crypt/DSA/Util.pm#L56"
            },
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.22/diff/TIMLEGGE/Crypt-DSA-1.21#lib/Crypt/DSA/Util.pm"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.22/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.22 or later, which draws the nonce and private key uniformly via rejection sampling (Crypt::DSA::Util::randombelow) with no forced high bit.\n\nRevoke and regenerate any keys used to sign with an affected version.\n\nCrypt::DSA was deprecated in version 1.20. You should migrate to another solution."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-14570",
        "datePublished": "2026-07-05T01:30:12.849Z",
        "dateReserved": "2026-07-03T10:37:19.787Z",
        "dateUpdated": "2026-07-06T13:42:11.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12205 (GCVE-0-2026-12205)

    Vulnerability from cvelistv5 – Published: 2026-06-15 21:57 – Updated: 2026-06-16 16:13
    VLAI
    Title
    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery
    Summary
    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , < 1.21 (custom)
    Create a notification for this product.
    Credits
    Richard Kettlewell
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-15T22:44:28.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/15/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12205",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T16:13:28.769417Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T16:13:32.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::sign"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThan": "1.21",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Richard Kettlewell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.\n\nCrypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.\n\nThe first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical \"r\".\n\nKeys used to sign more than once with an affected version should be considered compromised."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T21:57:18.317Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.21\n\nRevoke any keys that may have been compromised.\n\nCrypt::DSA was deprecated in version 1.20. You should migrate to another solution."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Maintainer contacted"
            },
            {
              "lang": "en",
              "time": "2026-06-13T00:00:00.000Z",
              "value": "Maintainer and CPANSec contacted"
            },
            {
              "lang": "en",
              "time": "2026-06-14T00:00:00.000Z",
              "value": "Fixed version released"
            }
          ],
          "title": "Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-12205",
        "datePublished": "2026-06-15T21:57:18.317Z",
        "dateReserved": "2026-06-14T12:07:30.610Z",
        "dateUpdated": "2026-06-16T16:13:32.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8704 (GCVE-0-2026-8704)

    Vulnerability from cvelistv5 – Published: 2026-05-15 22:18 – Updated: 2026-05-18 15:06
    VLAI
    Title
    Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified
    Summary
    Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , ≤ 1.19 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-16T00:31:20.840Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/15/27"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T15:05:39.380389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T15:06:15.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA/Key.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::read"
                },
                {
                  "name": "Crypt::DSA::write"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThanOrEqual": "1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-23",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-23 File Content Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T22:18:15.917Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"
            },
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/Key.pm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.20"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "CPANSec identified issue"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Author was notified"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Version 1.20 released."
            }
          ],
          "title": "Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8704",
        "datePublished": "2026-05-15T22:18:15.917Z",
        "dateReserved": "2026-05-15T18:08:24.117Z",
        "dateUpdated": "2026-05-18T15:06:15.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8700 (GCVE-0-2026-8700)

    Vulnerability from cvelistv5 – Published: 2026-05-15 22:10 – Updated: 2026-05-18 15:04
    VLAI
    Title
    Crypt::DSA versions before 1.20 for Perl generate seeds using rand
    Summary
    Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TIMLEGGE Crypt::DSA Affected: 0 , < 1.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-16T00:31:19.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/15/26"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8700",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T15:03:59.437060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T15:04:20.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-DSA",
              "product": "Crypt::DSA",
              "programFiles": [
                "lib/Crypt/DSA/KeyChain.pm"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::DSA::generate_params"
                }
              ],
              "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA.git",
              "vendor": "TIMLEGGE",
              "versions": [
                {
                  "lessThan": "1.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::DSA versions before 1.20 for Perl generate seeds using rand.\n\nSeeds were generated using Perl\u0027s built-in rand function, which is predictable and unsuitable for security usage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T22:10:52.242Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"
            },
            {
              "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.20 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "CPANSec identified issue"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Author was notified"
            },
            {
              "lang": "en",
              "time": "2026-05-15T00:00:00.000Z",
              "value": "Version 1.20 released."
            }
          ],
          "title": "Crypt::DSA versions before 1.20 for Perl generate seeds using rand",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8700",
        "datePublished": "2026-05-15T22:10:52.242Z",
        "dateReserved": "2026-05-15T17:20:11.254Z",
        "dateUpdated": "2026-05-18T15:04:20.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }