Threats Tagged 'cve-2026-9537'
View all threats tagged with 'cve-2026-9537'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-9537'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-9537: CWE-208 Observable Timing Discrepancy in JBERGER Mojo::JWTCVE-2026-9537 0 Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of matching leading bytes. A caller that decodes attacker supplied tokens leaks the expected signature through this timing variation, which can be aggregated over many requests to recover the signature and forge a token. Join the discussion | CVE Database V5 | 07/17/2026, 15:29:58 UTC Added: 07/18/2026, 11:08:40 UTC |
Showing 1 to 1 of 1 result