Exploit for CVE-2026-30909

Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows.
bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer.
Encountering this issue is unlikely as the message length would need to be very large.
For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U

Published: 2026-03-08

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download Exploit for CVE-2026-30909 here:

http://zeroday3sv534ljdendaufcrorz67yg6iujdpaknp6zqgxaevb7okfid.onion/exploit-for-cve-2026-30909.775/

Use Tor Browser to access .onion site.

https://sonitex.com/exploit-504-cve-2026-22390/

https://sonitex.com/exploit-4-cve-2025-30412/

https://sonitex.com/exploit-149-cve-2025-40538/

https://sonitex.com/exploit-768-cve-2026-31900/

https://sonitex.com/exploit-224-cve-2026-27626/