cvedb.io
CVE-2026-13082
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2026-07-17T13:17:55.443 · Last modified 2026-07-17T13:17:55.443

Summary

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string. The built-in rand function is unsuitable for security applications because it is predictable and reversible.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.