CVE-2026-6146

CVE Database · CVE-2026-6146

CVE-2026-6146

· MEDIUMDeferred

CVSS v3.1

5.3

EPSS

0.17%

Published

May 11, 2026

Modified

May 13, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-338

References (3)

https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.2.0/source/lib/Amazon/Credentials.pm#L1415-1418

https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.3.0/changes

http://www.openwall.com/lists/oss-security/2026/05/11/15

KEV Catalog EPSS Scores Vendors All CVEs