Ctrl + K
/ news / CVE
CVEPublished 2026-04-23Modified 2026-05-120 articles on news6 live referencesNVD data

CVE-2026-41564Dcit · Cryptx

Vulnerability data via NVD (ingested)

CVSS v3.1
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS percentile
12
Exploit Prediction Scoring System · top 88% of all CVEs
Weaknesses (CWE)
CWE-335Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)CWE-338Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Description

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery. This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.

Timeline
Published 2026-04-23
Modified 2026-05-12

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-41564
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Dcit Cryptx"
All exposed Dcit Cryptx instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Cryptx"
HTTP body or banner mentions "Cryptx" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-41564
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-41564
Censys host search filtered to this CVE id.
grep.app
CVE-2026-41564
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-41564
GitHub code search for direct mentions.
Google dork
"CVE-2026-41564" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2026-41564 on GitHub.
We haven't classified any articles referencing CVE-2026-41564 yet. The external references above still apply.