CSRF in Sri Mojolicious
CVE-2026-15747
Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on every call…
Affected products
- Sri Mojolicious — versions 4.59