What is CVE-2026-11625?

CVE-2026-11625 is a high-severity vulnerability in Davido Bytes::random::secure, classified under Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG). CVSS score: 7.5/10. Published 2026-06-26.

How severe is CVE-2026-11625?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Davido Bytes::random::secure

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared acro…

EPSS: 0.002 (5.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Davido Bytes::random::secure — versions 0

Weakness classification (CWE)

CWE-335 — Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

References

9b29abf9-4ab0-4765-b253-1875cd9b441e (issue-tracking)
9b29abf9-4ab0-4765-b253-1875cd9b441e (issue-tracking)
9b29abf9-4ab0-4765-b253-1875cd9b441e (patch)
9b29abf9-4ab0-4765-b253-1875cd9b441e (related)

Frequently asked questions

What is CVE-2026-11625?: CVE-2026-11625 is a high-severity vulnerability in Davido Bytes::random::secure, classified under Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG). CVSS score: 7.5/10. Published 2026-06-26.
How severe is CVE-2026-11625?: High severity. CVSS v3 base score is 7.5 out of 10.