CVE advisoryCRITICAL
CVE-2026-3256
HTTP::Session Insecure Session ID Generation Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in the HTTP::Session library for Perl allows for the generation of insecure session IDs, which could be predicted by attackers. This could lead to unauthorized access and manipulation of user sessions in web applications.