CVE-2026-11702 Overview
CVE-2026-11702 affects Bytes::Random::Secure::Tiny versions through 1.011 for Perl. The module shares internal pseudorandom number generator (PRNG) state across forked child processes. When an application instantiates the object before calling fork(), every child process inherits identical PRNG state. Each child then produces the same sequence of random bytes.
The flaw is classified under CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator. Secrets, tokens, and session identifiers generated in multiprocess Perl applications become predictable across processes, undermining confidentiality guarantees expected from a cryptographically secure random source.
Critical Impact
Multiprocess Perl applications relying on this module for secret generation produce identical random streams across forked workers, allowing attackers who observe output from one process to predict values generated by sibling processes.
Affected Products
- Bytes::Random::Secure::Tiny Perl module, versions up to and including 1.011
- Perl applications using this module for cryptographic secret generation
- Multiprocess or preforking Perl services (for example web servers using fork() after module initialization)
Discovery Timeline
- 2026-06-26 - CVE-2026-11702 published to NVD
- 2026-07-01 - Last updated in NVD database
Technical Details for CVE-2026-11702
Vulnerability Analysis
Bytes::Random::Secure::Tiny provides a lightweight interface for generating cryptographically secure random bytes in Perl. The module maintains internal PRNG state within an object instance. When a Perl process creates that object and then calls fork(), the operating system duplicates the parent's memory, including the seeded PRNG state, into every child process.
Each child continues generating random bytes from the identical starting state. Two workers asked to produce a 32-byte token will return the exact same 32 bytes. An attacker who obtains a single token from one worker gains the ability to predict tokens issued by every sibling worker sharing the pre-fork initialization.
The defect is a classic post-fork entropy failure. Cryptographic PRNG libraries must detect process forks and reseed automatically, typically by comparing the current process identifier against a cached value.
Root Cause
The module does not detect process boundary changes. It fails to reseed or mix in fresh entropy after fork(). The upstream discussion and the corresponding pull request document the missing PID check and the fix that reseeds internal state when the process identifier changes.
Attack Vector
Exploitation does not require direct network access to the module. An attacker who can observe any secret generated by one worker process, such as a session cookie, CSRF token, password reset nonce, or API key, can reproduce or predict values generated by other workers that share the parent's pre-fork state. In web applications behind a preforking server, this collapses the effective entropy of every generated secret to that of a single process.
See the MetaCPAN security patch for the exact code changes that address the shared-state condition.
Detection Methods for CVE-2026-11702
Indicators of Compromise
- Duplicate session tokens, CSRF tokens, or API keys issued to different users within the same application instance
- Identical output from random_bytes() or random_string() calls across separate worker processes
- Application logs showing collisions on values that should be statistically unique
- Presence of Bytes::Random::Secure::Tiny at version 1.011 or earlier in cpanfile, Makefile.PL, or META.json manifests
Detection Strategies
- Inventory Perl dependencies with cpanm --showdeps or cpan -l and flag any use of Bytes::Random::Secure::Tiny at version <= 1.011
- Add unit tests that fork a worker, generate random bytes in both parent and child, and assert the outputs differ
- Grep source repositories for use Bytes::Random::Secure::Tiny and audit whether object instantiation occurs before fork() calls
Monitoring Recommendations
- Track collision rates on generated tokens, session IDs, and nonces in application telemetry
- Alert when duplicate secrets are observed across worker processes serving the same service
- Include Perl module inventory in software composition analysis (SCA) pipelines and monitor for advisories referencing CWE-335
How to Mitigate CVE-2026-11702
Immediate Actions Required
- Upgrade Bytes::Random::Secure::Tiny to a version above 1.011 that incorporates the patch from pull request #7
- Rotate any long-lived secrets, API keys, or tokens generated by affected multiprocess applications before the fix was applied
- Audit application startup code to move object instantiation after fork() where an immediate upgrade is not possible
Patch Information
The fix is published at MetaCPAN Security Patches. The patch introduces a process identifier check that reseeds the PRNG internal state when the current PID differs from the PID recorded at initialization. Related records CVE-2026-11625 and CVE-2026-41564 cover similar issues in adjacent Perl modules and should be reviewed together.
Workarounds
- Instantiate the random source inside each child process after fork() rather than in the parent
- Replace calls with an alternative such as reading directly from /dev/urandom or using Crypt::URandom until the upgrade is deployed
- Explicitly reseed the object in child processes by destroying and recreating it as the first action after fork()
# Upgrade the module via cpanm
cpanm Bytes::Random::Secure::Tiny
# Verify installed version
perl -MBytes::Random::Secure::Tiny -e 'print $Bytes::Random::Secure::Tiny::VERSION, "\n"'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

