{"cve":{"cve_id":"CVE-2026-11702","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes.\n\nWhen an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced.\n\nSecrets generated in multiprocess applications are predictable across processes.","published_at":"2026-06-26T08:13:56.386000Z","last_modified_at":null,"cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-335"],"nvd_references":["https://github.com/daoswald/Bytes-Random-Secure-Tiny/issues/6","https://github.com/daoswald/Bytes-Random-Secure-Tiny/pull/7","https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch","https://www.cve.org/CVERecord?id=CVE-2026-41564"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:50:40.391234Z","updated_at":"2026-06-28T23:28:55.783287Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"davido","vendor_name":"DAVIDO","product_slug":"bytes-random-secure-tiny","product_name":"Bytes::Random::Secure::Tiny","version_start":"0","version_start_inclusive":true,"version_end":"1.011","version_end_inclusive":true,"cpe23_uri":"cve5:davido:bytes-random-secure-tiny:0:1.011"}],"exploit_refs":[],"news":[],"references":[{"url":"https://github.com/daoswald/Bytes-Random-Secure-Tiny/issues/6","source_type":"MISC","tags":[]},{"url":"https://github.com/daoswald/Bytes-Random-Secure-Tiny/pull/7","source_type":"PATCH","tags":["patch"]},{"url":"https://security.metacpan.org/patches/B/Bytes-Random-Secure-Tiny/1.011/CVE-2026-11702-r1.patch","source_type":"MISC","tags":["patch"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-41564","source_type":"CONFIRM","tags":[]}],"timeline":[{"type":"published","at":"2026-06-26T08:13:56.386000Z","label":"CVE published","source":null}]}