Vulnerability in Ktat Http::session

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, th…

EPSS: 0.000 (7.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References