CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.

These versions use Perl’s built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

More information : https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e.patch