Maypole Session ID Generation Vulnerability in Perl

Vulnerability

A vulnerability exists in Maypole versions 2.10 to 2.13 for Perl, where session IDs are generated insecurely. The session ID is created using the system time (accessible through HTTP response headers), a call to the built-in rand() function, and the process ID.
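
The weak pattern described above, next to a hardened replacement. This is an added example, not Maypole's own code: the function names, the MD5 hashing step and the 128-bit ID length are assumptions chosen for illustration, and the hardened version assumes a Unix-like system with /dev/urandom.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern (illustration of the advisory's description, not Maypole source):
# time() is disclosed by the HTTP Date header, $$ comes from a small range,
# and rand() is documented by Perl as not cryptographically secure.
sub weak_session_id {
    return md5_hex(time() . rand() . $$);   # MD5 step is an assumption
}

# Hardened: take the whole ID from the kernel CSPRNG, so no part of it
# derives from values a client can observe or enumerate.
sub secure_session_id {
    my $nbytes = 16;                        # 128 bits (assumed length)
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = sysread($fh, my $buf, $nbytes);
    close($fh);
    die "short read from /dev/urandom"
        unless defined $got && $got == $nbytes;
    return unpack('H*', $buf);              # 32 lowercase hex characters
}

# Reject anything that is not a well-formed ID before it reaches the
# session store; this does not replace issuing a fresh ID at login.
sub is_well_formed_id {
    my ($id) = @_;
    return defined $id && $id =~ /\A[0-9a-f]{32}\z/ ? 1 : 0;
}

my $id = secure_session_id();
print "secure id: $id\n";
print "well formed: ", is_well_formed_id($id), "\n";
```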

Impact

This vulnerability could lead to session fixation or prediction attacks, allowing an attacker to hijack user sessions.

Added: Feb 16, 2026, 10:25 PM
Updated: Feb 16, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 8.1
remediation: 0.0
relevance: 3.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.