{"id":"CVE-2026-5091","summary":"Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks","details":"Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.\n\nThese versions use Perl's built-in eq comparison, which is not constant-time. Discrepancies in timing could be used to guess the underlying hash or password.","modified":"2026-05-24T03:55:28.926157169Z","published":"2026-05-21T21:07:26.432Z","database_specific":{"cwe_ids":["CWE-208"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5091.json","cna_assigner":"CPANSec"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/05/21/19"},{"type":"WEB","url":"https://cpan.org/modules"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5091.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_025/changes"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5091"},{"type":"FIX","url":"https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e.patch"},{"type":"PACKAGE","url":"https://github.com/perl-catalyst/Catalyst-Plugin-Authentication"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/perl-catalyst/catalyst-plugin-authentication","events":[{"introduced":"0"},{"fixed":"b0515f492257438cf07082acf1e10d06e8088a5e"}]}],"versions":["v0.10024","0.10023","0.10022","0.10021","0.10020","v0.10019","v0.10018","v0.10017","v0.10016","v0.10015","v0.10014","v0.10013","v0.10012","v0.10011","v0.10010","v0.100092_01","v0.100092","v0.10009_01","v0.09","v0.08","v0.07","v0.05","v0.04","v0.03","v0.02","v0.01"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-5091.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}