========================================================================
CVE-2026-46474                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-46474
  Distribution:  Trog-TOTP
      Versions:  before 1.006

      MetaCPAN:  https://metacpan.org/dist/Trog-TOTP
      VCS Repo:  https://github.com/teodesian/Trog-TOTP


Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Description
-----------
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.

Secrets were generated using Perl's built-in rand function, which is
predictable and unsuitable for security usage.

Problem types
-------------
- CWE-331 Insufficient Entropy

Solutions
---------
Upgrade to version 1.006 or later.

References
----------
https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/changes
https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/diff/TEODESIAN/Trog-TOTP-1.005#lib/Trog/TOTP.pm

Timeline
--------
- 2026-05-13: CPANSec identified issue
- 2026-05-14: Author was notified
- 2026-05-15: Version 1.006 released.
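
Added example (not part of the advisory and not Trog::TOTP's own code): the
weakness named under Description, shown as a rand()-based secret generator
beside one that reads the kernel CSPRNG. The helper names, the constructed
seed and the use of /dev/urandom on a Unix-like system are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper names; none of this is taken from Trog::TOTP.

# RFC 4648 base32 without padding, the usual text form of a TOTP secret.
sub base32_encode {
    my ($bytes) = @_;
    my @alphabet = ('A' .. 'Z', '2' .. '7');
    my $bits = unpack('B*', $bytes);
    $bits .= '0' x ((5 - length($bits) % 5) % 5);    # pad to a multiple of 5 bits
    return join '', map { $alphabet[ oct("0b$_") ] } $bits =~ /(.{5})/g;
}

# WEAK: every byte comes from Perl's rand(), whose whole output stream is
# determined by the seed given to (or chosen by) srand().
sub weak_secret {
    my ($len) = @_;
    return join '', map { chr(int(rand(256))) } 1 .. $len;
}

# HARDENED: take the bytes from the kernel CSPRNG.
# Assumes a Unix-like system that provides /dev/urandom.
sub strong_secret {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $len);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $len;
    return $buf;
}

# Same seed, same "secret": the generator state fully determines the output.
srand(1234);    # constructed seed, for demonstration only
my $first = base32_encode(weak_secret(20));
srand(1234);
my $second = base32_encode(weak_secret(20));
print "rand():       $first\n";
print "rand() again: $second\n";
print "identical:    ", ($first eq $second ? "yes" : "no"), "\n";

# 20 bytes = 160 bits, the shared-secret length RFC 4226 recommends.
print "urandom:      ", base32_encode(strong_secret(20)), "\n";
```

Secrets already issued by an affected version are not changed by the
upgrade; re-enrolling them replaces the rand()-derived values.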
