CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

🗓️ 30 Apr 2026 11:49:29Reported by CPANSecType

CVE-2026-5080: Dancer::Session::Abstract up to 1.3522 generates predictable session ids from path name, process id, epoch time, and random function.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-5080	30 Apr 202611:49	–	attackerkb
Circl	CVE-2026-5080	30 Apr 202617:41	–	circl
CNNVD	Dancer::Session::Abstract 安全特征问题漏洞	30 Apr 202600:00	–	cnnvd
CVE	CVE-2026-5080	30 Apr 202611:49	–	cve
Debian CVE	CVE-2026-5080	30 Apr 202611:49	–	debiancve
EUVD	EUVD-2026-26369	30 Apr 202611:49	–	euvd
NVD	CVE-2026-5080	30 Apr 202612:16	–	nvd
OSV	DEBIAN-CVE-2026-5080	30 Apr 202612:16	–	osv
OSV	UBUNTU-CVE-2026-5080	30 Apr 202612:16	–	osv
Positive Technologies	PT-2026-36091	30 Apr 202600:00	–	ptsecurity

[
  {
    "collectionURL": "https://cpan.org/modules",
    "defaultStatus": "unaffected",
    "packageName": "Dancer",
    "product": "Dancer::Session::Abstract",
    "programFiles": [
      "lib/Dancer/Session/Abstract.pm"
    ],
    "programRoutines": [
      {
        "name": "Dancer::Session::Abstract::build_id"
      }
    ],
    "repo": "https://github.com/PerlDancer/Dancer",
    "vendor": "BIGPRESH",
    "versions": [
      {
        "lessThanOrEqual": "1.3522",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
metacpan	www.metacpan.org/release/BIGPRESH/Dancer-1.3522/source/lib/Dancer/Session/Abstract.pm
security	www.security.metacpan.org/patches/D/Dancer/1.3522/CVE-2026-5080-r1.patch

30 Apr 2026 11:49Current

EPSS0.00374

Dancer session Session id security Predictable session Perl version Path name Epoch time Random function Process id