PT-2026-33009 · Unknown · Apache::Api::Password

Published: 2026-04-15 · Updated: 2026-05-06 · CVE-2026-5088

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache::API::Password versions prior to 0.5.3

Description

The software can generate insecure random values for salts used in password hashing. The functions make_salt() and make_salt_bcrypt() attempt to load Crypt::URandom and Bytes::Random::Secure to generate random bytes. If these modules are unavailable, the system falls back to using Perl's built-in rand function, which is unsuitable for cryptographic purposes.

Recommendations

Update to a version later than 0.5.2.
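
The fallback described above, shown as an added Perl illustration next to a fail-closed variant. This is not the module's own code or its fix: the sub names `salt_with_rand_fallback` and `salt_fail_closed` are hypothetical, and refusing to generate a salt is one assumed way to avoid the weak path.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Added illustration; sub names are hypothetical, not the module's source.

# Weak pattern from the advisory: if neither CSPRNG module loads,
# silently fall back to Perl's built-in rand().
sub salt_with_rand_fallback {
    my ($len) = @_;
    my $bytes = eval { require Crypt::URandom; Crypt::URandom::urandom($len) };
    $bytes //= eval {
        require Bytes::Random::Secure;
        Bytes::Random::Secure::random_bytes($len);
    };
    # rand() is a seeded, non-cryptographic PRNG: unsuitable for salts.
    $bytes //= join '', map { chr(int(rand(256))) } 1 .. $len;
    return $bytes;
}

# Hardened form: same module preference order, but refuse to produce a
# salt when no CSPRNG source is available instead of degrading.
sub salt_fail_closed {
    my ($len) = @_;
    my @sources = (
        [ 'Crypt/URandom.pm',       sub { Crypt::URandom::urandom($_[0]) } ],
        [ 'Bytes/Random/Secure.pm', sub { Bytes::Random::Secure::random_bytes($_[0]) } ],
    );
    for my $src (@sources) {
        my ($file, $gen) = @$src;
        next unless eval { require $file; 1 };    # module not installed: try next
        my $bytes = eval { $gen->($len) };
        return $bytes if defined $bytes && length($bytes) == $len;
    }
    die "no CSPRNG module available (install Crypt::URandom or Bytes::Random::Secure)\n";
}

my $salt = eval { salt_fail_closed(16) };
print defined $salt
    ? 'salt (hex): ' . unpack('H*', $salt) . "\n"
    : "refused to generate salt: $@";
```

Per the description, the rand fallback is reached only when neither module can be loaded, so checking that Crypt::URandom or Bytes::Random::Secure is installed shows whether an affected host is on the weak path.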

Related Identifiers

CVE-2026-5088

Affected Products

Apache::Api::Password