CVE-2026-12205NVD

Vulnerability Summary

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.

Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.

The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r".

Keys used to sign more than once with an affected version should be considered compromised.

Severity Level

CRITICAL(9.1)

Published Date

Jun 15, 2026

Last Modified

Jun 16, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.17%Probability

Root Weakness (CWE)

CWE-323: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityNone

External References

https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes
http://www.openwall.com/lists/oss-security/2026/06/15/4