CVE-2026-9692

Summary (CVE-2026-9692): Mojolicious::Sessions::Storable in Perl versions up to 0.05 generates insecure session IDs. The default generator seeds a SHA-1 hash with a mix of low-entropy sources: built-in rand, epoch time, heap address of an anonymous hash, and the process ID, making IDs predictable...