Vulnerability in Berov Ado::sessions

CVE-2026-5083

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers…

EPSS: 0.000 (4.2th percentile) — read the EPSS interpretation.

Affected products

Berov Ado::sessions — versions 0

Weakness classification (CWE)

References

github.com/kberov/Ado/issues/112 (issue-tracking)
backpan.perl.org/authors/id/B/BE/BEROV/Ado-0.935.tar.gz
security.metacpan.org/docs/guides/random-data-for-security.html (technical-description)