The Crypt::DSA module for Perl versions prior to 1.20 uses Perl's built-in rand function to generate seeds for cryptographic operations. Since rand is predictable and unsuitable for security-sensitive randomness, this results in insufficient entropy (CWE-331), potentially compromising the cryptographic strength of the module. The vulnerability is publicly documented under CVE-2026-8700 with a CVSS 3.1 base score of 7.3, indicating a high severity remote attack vector with low attack complexity and no privileges or user interaction required.

The use of predictable random seeds in Crypt::DSA can lead to weakened cryptographic keys or signatures, reducing confidentiality, integrity, and availability of operations relying on this module. This may allow attackers to predict or reproduce cryptographic values, undermining security guarantees. However, no known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid using vulnerable versions of Crypt::DSA or consider alternative cryptographic modules that use secure random number generation. Monitor vendor channels for updates.