CVE-2026-5087
Published: 31 March 2026
Summary
CVE-2026-5087 is a high-severity weak-PRNG (CWE-338) vulnerability in Jjnapiork Pagi. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 12.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation requires timely patching of CVE-2026-5087 by upgrading PAGI::Middleware::Session::Store::Cookie to version 0.001004 or later, eliminating insecure rand()-based IV generation.
Cryptographic protection mandates appropriate mechanisms for confidentiality and integrity of session data, directly countering predictable IVs that enable decryption and tampering of encrypted cookies.
Vulnerability monitoring and scanning identifies deployed instances of the vulnerable Perl module, enabling proactive remediation of the weak IV generation flaw.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remotely exploitable flaw (AV:N/AC:L/PR:N/UI:N) in a web session management module allowing unauthenticated decryption/tampering of session cookies containing auth tokens, directly enabling exploitation of public-facing applications.
NVD Description
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications. This module does not use the Crypt::URandom module, and installing it will not fix the problem. The random bytes are used for generating an initialisation vector (IV) to encrypt the cookie. A predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie.
Deeper analysis
CVE-2026-5087 affects PAGI::Middleware::Session::Store::Cookie versions through 0.001003, a Perl module for session storage in cookies. The vulnerability stems from insecure generation of random bytes used as an initialization vector (IV) for encrypting session data. The module attempts to read from /dev/urandom but falls back to Perl's built-in rand() function on systems lacking the device, such as Windows, despite issuing a warning to install Crypt::URandom. Notably, the module does not actually use Crypt::URandom even if installed, resulting in cryptographically weak, predictable random bytes.
Attackers can exploit this remotely over a network with low complexity, requiring no privileges or user interaction (CVSS 7.5: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A malicious user can leverage the predictable IV to more easily decrypt and tamper with encrypted session cookies, potentially exposing or modifying sensitive session data such as user authentication tokens.
The vulnerability was disclosed via the oss-security mailing list, with source code confirming the issue in lines 156-173 of the affected version. Mitigation is available in version 0.001004, as detailed in its release changes on MetaCPAN; users should upgrade to this or later versions to ensure proper random byte generation for IVs.
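The fallback pattern described above, sketched in Perl beside a fail-closed alternative. This is an added illustration, not the module's source and not the 0.001004 fix; the function names, the device-path parameter and the nonexistent path used to force the fallback are assumptions made for the demonstration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Weak pattern as the advisory describes it (illustrative reconstruction):
# read the device directly, and on failure warn and fall back to rand().
sub weak_random_bytes {
    my ($len, $device) = @_;
    $device //= '/dev/urandom';
    if (open my $fh, '<:raw', $device) {
        my $buf = '';
        my $got = read($fh, $buf, $len);
        close $fh;
        return $buf if defined $got && $got == $len;
    }
    warn "cannot read $device; falling back to rand()\n";
    return join '', map { chr(int(rand(256))) } 1 .. $len;    # CWE-338
}

# Hardened form: take bytes from the OS CSPRNG through Crypt::URandom and
# die instead of degrading when no secure source is available.
sub strong_random_bytes {
    my ($len) = @_;
    require Crypt::URandom;                     # CPAN module, must be installed
    my $buf = Crypt::URandom::urandom($len);    # croaks on failure
    die "short read from CSPRNG\n" unless length($buf) == $len;
    return $buf;
}

# Constructed demonstration: a nonexistent device path stands in for a
# platform without /dev/urandom. With the same seed the fallback repeats.
my $missing = '/nonexistent/urandom';           # hypothetical path
srand(1); my $iv_a = weak_random_bytes(16, $missing);
srand(1); my $iv_b = weak_random_bytes(16, $missing);
printf "fallback IVs identical under the same seed: %s\n",
    $iv_a eq $iv_b ? 'yes' : 'no';

my $iv = eval { strong_random_bytes(16) };
print defined $iv
    ? 'CSPRNG IV: ' . unpack('H*', $iv) . "\n"
    : "refusing to generate IV: $@";
```

The second call path never emits an IV from rand(): if Crypt::URandom is missing or the OS source fails, the error surfaces to the caller and no cookie is encrypted.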
Details
- CWE(s)