Vulnerability in Tokuhirom Amon2::plugin::web::csrfdefender

CVE-2026-5082

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generate_session_id function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it genera…

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

Affected products

Tokuhirom Amon2::plugin::web::csrfdefender — versions 7.00

Weakness classification (CWE)

References

metacpan.org/release/TOKUHIROM/Amon2-Plugin-Web-CSRFDefender-7.03/source/lib/Am…
metacpan.org/release/TOKUHIROM/Amon2-Plugin-Web-CSRFDefender-7.04/changes (release-notes)
www.cve.org/CVERecord (related, vendor-advisory)