Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-5081

Summary
Assigner-CPANSec
Assigner Org ID-9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At-06 May, 2026 | 12:16
Updated At-06 May, 2026 | 16:32
Rejected At-
Credits

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation. The server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header). The purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CPANSec
Assigner Org ID:9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At:06 May, 2026 | 12:16
Updated At:06 May, 2026 | 16:32
Rejected At:
â–¼CVE Numbering Authority (CNA)
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation. The server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header). The purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.

Affected Products
Vendor
CHORNY
Product
Apache::Session::Generate::ModUniqueId
Collection URL
https://cpan.org/modules
Package Name
Apache-Session
Repo
http://github.com/chorny/Apache-Session
Program Files
  • lib/Session/Generate/ModUniqueId.pm
Program Routines
  • Apache::Session::Generate::ModUniqueId::generate_id
Default Status
unaffected
Versions
Affected
  • From 1.54 through 1.94 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-340CWE-340 Generation of Predictable Numbers or Identifiers
Type: CWE
CWE ID: CWE-340
Description: CWE-340 Generation of Predictable Numbers or Identifiers
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions

In cases where the session id is used for authentication or provides access to restricted data, consider alternate solutions like Apache::Session::Generate::Random.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://httpd.apache.org/docs/current/mod/mod_unique_id.html
technical-description
https://metacpan.org/pod/Apache::Session::Generate::Random
N/A
Hyperlink: https://httpd.apache.org/docs/current/mod/mod_unique_id.html
Resource:
technical-description
Hyperlink: https://metacpan.org/pod/Apache::Session::Generate::Random
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2026/05/06/6
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2026/05/06/6
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At:06 May, 2026 | 13:16
Updated At:06 May, 2026 | 17:16

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation. The server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header). The purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-340Secondary9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-340
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://httpd.apache.org/docs/current/mod/mod_unique_id.html9b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
https://metacpan.org/pod/Apache::Session::Generate::Random9b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
http://www.openwall.com/lists/oss-security/2026/05/06/6af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://httpd.apache.org/docs/current/mod/mod_unique_id.html
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://metacpan.org/pod/Apache::Session::Generate::Random
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2026/05/06/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2025-40931
Matching Score-10
Assigner-CPAN Security Group
ShareView Details
Matching Score-10
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 01:41
Updated-21 Apr, 2026 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems. Note that the libapache-session-perl package in some Debian-based Linux distributions may be patched to use Crypt::URandom.

Action-Not Available
Vendor-chornyCHORNY
Product-apache\Apache::Session::Generate::MD5
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE ID-CWE-340
Generation of Predictable Numbers or Identifiers
CVE-2026-5085
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-0.04% / 12.35%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 06:56
Updated-23 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solstice::Session versions through 1440 for Perl generates session ids insecurely

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution. The epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash refences will contain predictable content. The built-in rand() function is seeded by 16-bits and is unsuitable for security purposes. The process id comes from a small set of numbers. Predictable session ids could allow an attacker to gain access to systems.

Action-Not Available
Vendor-mcrawforMCRAWFOR
Product-solstice\Solstice::Session
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE ID-CWE-340
Generation of Predictable Numbers or Identifiers
CVE-2026-40496
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 01:38
Updated-23 Apr, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and download any private attachment without credentials. Version 1.8.213 fixes the issue.

Action-Not Available
Vendor-freescoutfreescout-help-desk
Product-freescoutfreescout
CWE ID-CWE-330
Use of Insufficiently Random Values
CWE ID-CWE-340
Generation of Predictable Numbers or Identifiers
CVE-2024-47945
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
CVSS Score-9.1||CRITICAL
EPSS-0.41% / 61.48%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 10:05
Updated-03 Nov, 2025 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Predictable Session ID

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.

Action-Not Available
Vendor-rittalRITTAL GmbH & Co. KGrittal_gmbh_and_co.kg
Product-iot_interfaceiot_interface_firmwarecmc_iii_processing_units_firmwarecmc_iii_processing_unitsIoT Interface & CMC III Processing Unitiot_interface_and_cmc_iii_processing_unit
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-340
Generation of Predictable Numbers or Identifiers
CVE-2025-40925
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-20 Sep, 2025 | 12:31
Updated-22 Sep, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Starch versions 0.14 and earlier generate session ids insecurely

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Action-Not Available
Vendor-BLUEFEET
Product-Starch
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE ID-CWE-340
Generation of Predictable Numbers or Identifiers
Details not found