CVE-2026-9641

Published Jun 12, 2026

Last updated 17 hours ago

CVSS medium 5.3

Overview

Description: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD status: Deferred

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

9b29abf9-4ab0-4765-b253-1875cd9b441e: CWE-916

Hype score: Not currently trending

References

Sources include official advisories and independent security research.