CVE-2026-9658 (GCVE-0-2026-9658)
Vulnerability from cvelistv5 – Published: 2026-05-28 11:36 – Updated: 2026-05-28 11:36
Title
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths
Summary
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.
The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example,
GET /path\r\nHTTP/1.1\r\nHost: secret.example.com
Note that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers.
Severity
No CVSS data available.
CWE
- CWE-790 - Improper Filtering of Special Elements
- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://metacpan.org/release/RRWO/Plack-Middlewar… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RRWO | Plack::Middleware::Security::Common | Affected: 0 , < 0.13.1 (custom) | |
{
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Plack-Middleware-Security-Simple",
"product": "Plack::Middleware::Security::Common",
"programFiles": [
"lib/Plack/Middleware/Security/Common.pm"
],
"programRoutines": [
{
"name": "Plack::Middleware::Security::Common::header_injection"
}
],
"repo": "https://github.com/robrwo/Plack-Middleware-Security-Simple",
"vendor": "RRWO",
"versions": [
{
"lessThan": "0.13.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.\n\nThe header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example,\n\n GET /path\\r\\nHTTP/1.1\\r\\nHost: secret.example.com\n\nNote that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T11:36:50.565Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Plack-Middleware-Security-Simple-v0.13.1/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 0.13.1 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths",
"workarounds": [
{
"lang": "en",
"value": "Use with the non_printable_chars rule to block header injections."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-9658",
"datePublished": "2026-05-28T11:36:50.565Z",
"dateReserved": "2026-05-26T20:57:50.718Z",
"dateUpdated": "2026-05-28T11:36:50.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8450 (GCVE-0-2026-8450)
Vulnerability from cvelistv5 – Published: 2026-05-27 04:22 – Updated: 2026-05-27 15:54
Title
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()
Summary
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file().
send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path for write or append.
Untrusted input passed to send_file() can run OS commands at the daemon process UID. The read-pipe form ('cmd |') also leaks subprocess stdout into the HTTP response body. The write-mode forms can create or truncate files at attacker chosen paths.
Severity
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-73 - External Control of File Name or Path
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/libwww-perl/HTTP-Daemon/pull/89 | issue-tracking |
| https://github.com/libwww-perl/HTTP-Daemon/commit… | patch |
| https://metacpan.org/release/OALDERS/HTTP-Daemon-… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OALDERS | HTTP::Daemon | Affected: 0 , < 6.17 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-27T07:24:59.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/27/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T15:46:44.248133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:54:59.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "HTTP-Daemon",
"product": "HTTP::Daemon",
"programFiles": [
"lib/HTTP/Daemon.pm"
],
"programRoutines": [
{
"name": "HTTP::Daemon::ClientConn::send_file"
}
],
"repo": "https://github.com/libwww-perl/HTTP-Daemon",
"vendor": "OALDERS",
"versions": [
{
"lessThan": "6.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file().\n\nsend_file() opens its string argument with Perl\u0027s 2-arg open(). The 2-arg form interprets magic prefixes: \u0027| cmd\u0027 and \u0027cmd |\u0027 open a pipe to a subprocess, \u0027\u003e path\u0027 and \u0027\u003e\u003e path\u0027 open the path for write or append.\n\nUntrusted input passed to send_file() can run OS commands at the daemon process UID. The read-pipe form (\u0027cmd |\u0027) also leaks subprocess stdout into the HTTP response body. The write-mode forms can create or truncate files at attacker chosen paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T04:22:26.539Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/libwww-perl/HTTP-Daemon/pull/89"
},
{
"tags": [
"patch"
],
"url": "https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/OALDERS/HTTP-Daemon-6.17/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to HTTP-Daemon 6.17 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-12T00:00:00.000Z",
"value": "Issue identified."
},
{
"lang": "en",
"time": "2026-05-19T00:00:00.000Z",
"value": "HTTP-Daemon 6.17 released."
}
],
"title": "HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8450",
"datePublished": "2026-05-27T04:22:26.539Z",
"dateReserved": "2026-05-12T21:26:04.212Z",
"dateUpdated": "2026-05-27T15:54:59.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48962 (GCVE-0-2026-48962)
Vulnerability from cvelistv5 – Published: 2026-05-27 03:12 – Updated: 2026-05-27 16:02
Title
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Summary
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.
_parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl.
Arbitrary Perl in the output glob executes at the calling process's privilege.
Severity
7.3 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pmqs/IO-Compress/commit/f2db24… | patch |
| https://metacpan.org/release/PMQS/IO-Compress-2.2… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PMQS | IO::Compress | Affected: 0 , < 2.220 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-27T07:24:58.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/27/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T16:01:45.845766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:02:15.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "IO-Compress",
"product": "IO::Compress",
"programFiles": [
"lib/File/GlobMapper.pm"
],
"programRoutines": [
{
"name": "File::GlobMapper::_parseOutputGlob"
},
{
"name": "File::GlobMapper::_getFiles"
}
],
"repo": "https://github.com/pmqs/IO-Compress",
"vendor": "PMQS",
"versions": [
{
"lessThan": "2.220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.\n\n_parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl.\n\nArbitrary Perl in the output glob executes at the calling process\u0027s privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:12:38.974Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/PMQS/IO-Compress-2.220/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to IO-Compress 2.220 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-16T00:00:00.000Z",
"value": "Version 2.220 released."
}
],
"title": "IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-48962",
"datePublished": "2026-05-27T03:12:38.974Z",
"dateReserved": "2026-05-26T18:09:32.365Z",
"dateUpdated": "2026-05-27T16:02:15.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48961 (GCVE-0-2026-48961)
Vulnerability from cvelistv5 – Published: 2026-05-27 02:34 – Updated: 2026-05-27 07:24
Title
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID
Summary
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID.
When decode_ux() in bin/zipdetails handles an Info-ZIP Unix Extra Field (tag 0x7875) with UID Size or GID Size set to 8, causing zipdetails to decode an 8-byte UID or GID value, it dispatches through decodeLitteEndian(), which calls a misnamed helper unpackValueQ. The actual function defined in the same file is unpackValue_Q (with underscore); the call raises 'Undefined subroutine &main::unpackValueQ' and the script exits with status 255.
Library callers of IO::Compress and IO::Uncompress are not affected; the defect is in the bundled CLI tool.
Severity
No CVSS data available.
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pmqs/IO-Compress/commit/33c89d… | patch |
| https://metacpan.org/release/PMQS/IO-Compress-2.2… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PMQS | IO::Compress | Affected: 2.207 , < 2.220 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-27T07:24:57.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/27/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "IO-Compress",
"product": "IO::Compress",
"programFiles": [
"bin/zipdetails"
],
"programRoutines": [
{
"name": "main::decode_ux"
},
{
"name": "main::decodeLitteEndian"
}
],
"repo": "https://github.com/pmqs/IO-Compress",
"vendor": "PMQS",
"versions": [
{
"lessThan": "2.220",
"status": "affected",
"version": "2.207",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID.\n\nWhen decode_ux() in bin/zipdetails handles an Info-ZIP Unix Extra Field (tag 0x7875) with UID Size or GID Size set to 8, causing zipdetails to decode an 8-byte UID or GID value, it dispatches through decodeLitteEndian(), which calls a misnamed helper unpackValueQ. The actual function defined in the same file is unpackValue_Q (with underscore); the call raises \u0027Undefined subroutine \u0026main::unpackValueQ\u0027 and the script exits with status 255.\n\nLibrary callers of IO::Compress and IO::Uncompress are not affected; the defect is in the bundled CLI tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:47:42.472Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pmqs/IO-Compress/commit/33c89d03d6e746ed2ead4f2f6570d47864c61bc7.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/PMQS/IO-Compress-2.220/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to IO-Compress 2.220 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-16T00:00:00.000Z",
"value": "Version 2.220 released."
}
],
"title": "IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-48961",
"datePublished": "2026-05-27T02:34:52.228Z",
"dateReserved": "2026-05-26T18:09:32.365Z",
"dateUpdated": "2026-05-27T07:24:57.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48959 (GCVE-0-2026-48959)
Vulnerability from cvelistv5 – Published: 2026-05-27 02:29 – Updated: 2026-05-27 07:24
Title
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Summary
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward.
fastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration.
Extracting a named entry from an attacker supplied zip via IO::Uncompress::Unzip->new($zip, Name => $target) drives a per-byte read loop scaling with the entry's compressed size, up to the non-Zip64 4 GiB cap.
Severity
No CVSS data available.
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pmqs/IO-Compress/commit/68db44… | patch |
| https://metacpan.org/release/PMQS/IO-Compress-2.2… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PMQS | IO::Uncompress::Unzip | Affected: 0 , < 2.220 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-27T07:24:56.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/27/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "IO-Compress",
"product": "IO::Uncompress::Unzip",
"programFiles": [
"lib/IO/Uncompress/Unzip.pm"
],
"programRoutines": [
{
"name": "IO::Uncompress::Unzip::fastForward"
}
],
"repo": "https://github.com/pmqs/IO-Compress",
"vendor": "PMQS",
"versions": [
{
"lessThan": "2.220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward.\n\nfastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration.\n\nExtracting a named entry from an attacker supplied zip via IO::Uncompress::Unzip-\u003enew($zip, Name =\u003e $target) drives a per-byte read loop scaling with the entry\u0027s compressed size, up to the non-Zip64 4 GiB cap."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:29:07.027Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pmqs/IO-Compress/commit/68db44076f4c1a86a2ffe53a958eac6cabaf72e2.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/PMQS/IO-Compress-2.220/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to IO-Compress 2.220 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-16T00:00:00.000Z",
"value": "Version 2.220 released."
}
],
"title": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-48959",
"datePublished": "2026-05-27T02:29:07.027Z",
"dateReserved": "2026-05-26T18:09:32.365Z",
"dateUpdated": "2026-05-27T07:24:56.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15649 (GCVE-0-2025-15649)
Vulnerability from cvelistv5 – Published: 2026-05-27 02:25 – Updated: 2026-05-27 07:24
Title
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Summary
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.
_dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die.
The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.
Severity
No CVSS data available.
CWE
- CWE-248 - Uncaught Exception
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pmqs/IO-Compress/commit/fd28c1… | patch |
| https://github.com/pmqs/IO-Compress/issues/65 | issue-tracking |
| https://metacpan.org/release/PMQS/IO-Compress-2.2… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PMQS | IO::Uncompress::Unzip | Affected: 0 , < 2.215 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-27T07:24:54.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/27/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "IO-Compress",
"product": "IO::Uncompress::Unzip",
"programFiles": [
"lib/IO/Uncompress/Unzip.pm"
],
"programRoutines": [
{
"name": "IO::Uncompress::Unzip::_dosToUnixTime"
}
],
"repo": "https://github.com/pmqs/IO-Compress",
"vendor": "PMQS",
"versions": [
{
"lessThan": "2.215",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.\n\n_dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die.\n\nThe exception propagates out of IO::Uncompress::Unzip-\u003enew($file) where callers expect undef plus $UnzipError."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:25:38.973Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf1da8.patch"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/pmqs/IO-Compress/issues/65"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/PMQS/IO-Compress-2.215/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to IO-Compress 2.215 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-10-25T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-01-30T00:00:00.000Z",
"value": "Version 2.215 released."
}
],
"title": "IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-15649",
"datePublished": "2026-05-27T02:25:38.973Z",
"dateReserved": "2026-05-26T18:17:10.655Z",
"dateUpdated": "2026-05-27T07:24:54.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8647 (GCVE-0-2026-8647)
Vulnerability from cvelistv5 – Published: 2026-05-26 22:53 – Updated: 2026-05-27 01:41
Title
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available
Summary
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available.
The random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available.
Severity
No CVSS data available.
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/changes | release-notes |
| https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/diff/MIK/Crypt-ScryptKDF-0.010#lib/Crypt/ScryptKDF.pm | |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MIK | Crypt::ScryptKDF | Affected: 0 , ≤ 0.010 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-27T01:41:36.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/26/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-ScryptKDF",
"product": "Crypt::ScryptKDF",
"programFiles": [
"lib/Crypt/ScryptKDF.pm"
],
"programRoutines": [
{
"name": "Crypt::ScryptKDF::random_bytes"
}
],
"repo": "https://github.com/DCIT/perl-Crypt-ScryptKDF",
"vendor": "MIK",
"versions": [
{
"lessThanOrEqual": "0.010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available.\n\nThe random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T22:53:49.993Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/changes"
},
{
"url": "https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/diff/MIK/Crypt-ScryptKDF-0.010#lib/Crypt/ScryptKDF.pm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.011 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Issue reported to CPANSec"
},
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Issue reported to maintainer"
},
{
"lang": "en",
"time": "2026-05-16T00:00:00.000Z",
"value": "Version 0.011 with fix released."
}
],
"title": "Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available",
"workarounds": [
{
"lang": "en",
"value": "Install one of the recommended Perl modules, such as Crypt::PRNG."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8647",
"datePublished": "2026-05-26T22:53:49.993Z",
"dateReserved": "2026-05-14T22:46:50.791Z",
"dateUpdated": "2026-05-27T01:41:36.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46740 (GCVE-0-2026-46740)
Vulnerability from cvelistv5 – Published: 2026-05-26 22:48 – Updated: 2026-05-26 22:48
Title
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
Summary
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).
Severity
No CVSS data available.
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/RRWO/Mojolicious-Plu… | release-notes |
| https://github.com/robrwo/perl-Mojolicious-Plugin… | patch |
| https://www.cve.org/CVERecord?id=CVE-2026-46720 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RRWO | Mojolicious::Plugin::Statsd | Affected: 0 , ≤ 0.04 (custom) | |
{
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Mojolicious-Plugin-Statsd",
"product": "Mojolicious::Plugin::Statsd",
"repo": "https://github.com/robrwo/perl-Mojolicious-Plugin-Statsd",
"vendor": "RRWO",
"versions": [
{
"lessThanOrEqual": "0.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.\n\nThe metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.\n\nVersion 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T22:48:03.747Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Mojolicious-Plugin-Statsd-0.06/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/robrwo/perl-Mojolicious-Plugin-Statsd/commit/f049156982a2c0b8050f173e24a04a29ddd64853.patch"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46720"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Mojolicious::Plugin::Statsd version 0.06 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-46740",
"datePublished": "2026-05-26T22:48:03.747Z",
"dateReserved": "2026-05-17T18:04:31.500Z",
"dateUpdated": "2026-05-26T22:48:03.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9538 (GCVE-0-2026-9538)
Vulnerability from cvelistv5 – Published: 2026-05-26 00:18 – Updated: 2026-05-26 03:06
Title
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Summary
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
_read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value.
A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.
Severity
No CVSS data available.
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/jib/archive-tar-new/commit/f9a… | patch |
| https://metacpan.org/release/BINGOS/Archive-Tar-3… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar | Affected: 0 , < 3.10 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-26T03:06:03.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/26/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_read_tar"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.\n\n_read_tar() reads each entry\u0027s payload with $handle-\u003eread($$data, $block), where $block is derived from the entry\u0027s 12-byte size field in the tar header with no upper bound on that value.\n\nA crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:18:43.704Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.10/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.10 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Version 3.10 released."
}
],
"title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-9538",
"datePublished": "2026-05-26T00:18:43.704Z",
"dateReserved": "2026-05-25T23:04:04.116Z",
"dateUpdated": "2026-05-26T03:06:03.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42497 (GCVE-0-2026-42497)
Vulnerability from cvelistv5 – Published: 2026-05-26 00:17 – Updated: 2026-05-26 00:17
Title
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Summary
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.
_make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode.
A subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header's mode, owner, and timestamps to the shared inode during extraction alone.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jib/archive-tar-new/commit/17c… | patch |
| https://metacpan.org/release/BINGOS/Archive-Tar-3… | release-notes |
| https://www.cve.org/CVERecord?id=CVE-2026-42496 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar | Affected: 0 , < 3.08 (custom) | |
{
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_make_special_file"
},
{
"name": "Archive::Tar::_extract_file"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.\n\n_make_special_file() passes the tar header\u0027s linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file\u0027s inode.\n\nA subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header\u0027s mode, owner, and timestamps to the shared inode during extraction alone."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:17:50.656Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42496"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.08 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-10T00:00:00.000Z",
"value": "Version 3.06 released, disabling hardlink extraction by default."
},
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Version 3.08 released."
}
],
"title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-42497",
"datePublished": "2026-05-26T00:17:50.656Z",
"dateReserved": "2026-04-27T18:34:48.417Z",
"dateUpdated": "2026-05-26T00:17:50.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42496 (GCVE-0-2026-42496)
Vulnerability from cvelistv5 – Published: 2026-05-26 00:17 – Updated: 2026-05-26 00:17
Title
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Summary
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.
_make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.
A subsequent open through the extracted name reads or writes the attacker chosen path.
Severity
No CVSS data available.
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jib/archive-tar-new/commit/17c… | patch |
| https://metacpan.org/release/BINGOS/Archive-Tar-3… | release-notes |
| https://www.cve.org/CVERecord?id=CVE-2026-42497 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar | Affected: 0 , < 3.08 (custom) | |
{
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_make_special_file"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.\n\n_make_special_file() passes the tar header\u0027s linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.\n\nA subsequent open through the extracted name reads or writes the attacker chosen path."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:17:19.110Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42497"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.08 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Version 3.08 released."
}
],
"title": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-42496",
"datePublished": "2026-05-26T00:17:19.110Z",
"dateReserved": "2026-04-27T18:34:48.417Z",
"dateUpdated": "2026-05-26T00:17:19.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8376 (GCVE-0-2026-8376)
Vulnerability from cvelistv5 – Published: 2026-05-25 23:53 – Updated: 2026-05-27 18:04
Title
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Summary
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.
Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer.
A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.
Severity
7.3 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/Perl/perl5/commit/5e7f119eb2bb… | patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-26T03:06:00.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/26/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T18:03:45.554441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:04:00.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "perl",
"product": "perl",
"programFiles": [
"regcomp_study.c"
],
"programRoutines": [
{
"name": "Perl_study_chunk"
}
],
"repo": "https://github.com/Perl/perl5",
"vendor": "SHAY",
"versions": [
{
"lessThanOrEqual": "5.43.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.\n\nPerl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer.\n\nA caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:53:27.812Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to a future perl release, or apply the upstream patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-24T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-20T00:00:00.000Z",
"value": "Fix merged to blead."
}
],
"title": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds",
"workarounds": [
{
"lang": "en",
"value": "On 32-bit perl builds, avoid compiling regular expressions from untrusted input until a fixed release is installed."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8376",
"datePublished": "2026-05-25T23:53:27.812Z",
"dateReserved": "2026-05-12T08:15:41.456Z",
"dateUpdated": "2026-05-27T18:04:00.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5091 (GCVE-0-2026-5091)
Vulnerability from cvelistv5 – Published: 2026-05-21 21:07 – Updated: 2026-05-22 14:13
Title
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks
Summary
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password.
Severity
5.1 (Medium)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/ETHER/Catalyst-Plugi… | release-notes |
| https://github.com/perl-catalyst/Catalyst-Plugin-… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JJNAPIORK | Catalyst::Plugin::Authentication | Affected: 0 , ≤ 0.10024 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-22T01:40:38.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T14:13:45.514337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T14:13:48.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Catalyst-Plugin-Authentication",
"product": "Catalyst::Plugin::Authentication",
"programFiles": [
"lib/Catalyst/Authentication/Credential/Password.pm"
],
"programRoutines": [
{
"name": "Catalyst::Authentication::Credential::Password::check_password"
}
],
"repo": "https://github.com/perl-catalyst/Catalyst-Plugin-Authentication",
"vendor": "JJNAPIORK",
"versions": [
{
"lessThanOrEqual": "0.10024",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.\n\nThese versions use Perl\u0027s built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T21:07:26.432Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_025/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.10026 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5091",
"datePublished": "2026-05-21T21:07:26.432Z",
"dateReserved": "2026-03-28T19:36:44.345Z",
"dateUpdated": "2026-05-22T14:13:48.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46473 (GCVE-0-2026-46473)
Vulnerability from cvelistv5 – Published: 2026-05-21 18:53 – Updated: 2026-05-21 21:31
Title
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand
Summary
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Severity
7.5 (High)
CWE
- CWE-331 - Insufficient Entropy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/TCHATZI/Authen-TOTP-… | release-notes |
| https://github.com/tchatzi/Authen-TOTP/commit/d04… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TCHATZI | Authen::TOTP | Affected: 0 , < 0.1.1 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-46473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T19:17:39.999382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T19:18:00.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-21T21:31:45.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Authen-TOTP",
"product": "Authen::TOTP",
"programFiles": [
"lib/Authen/TOTP.pm"
],
"programRoutines": [
{
"name": "Authen::TOTP::gen_secret"
}
],
"repo": "https://github.com/tchatzi/Authen-TOTP",
"vendor": "TCHATZI",
"versions": [
{
"lessThan": "0.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.\n\nSecrets were generated using Perl\u0027s built-in rand function, which is predictable and unsuitable for security usage."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T18:53:18.547Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TCHATZI/Authen-TOTP-0.1.1/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tchatzi/Authen-TOTP/commit/d04f30cc6538d77fc6b6d550da450cf3017b8561.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.1.1 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-46473",
"datePublished": "2026-05-21T18:53:18.547Z",
"dateReserved": "2026-05-14T17:55:07.623Z",
"dateUpdated": "2026-05-21T21:31:45.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47372 (GCVE-0-2026-47372)
Vulnerability from cvelistv5 – Published: 2026-05-20 22:08 – Updated: 2026-05-21 14:12
Title
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts
Summary
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
Severity
9.1 (Critical)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/RRWO/Crypt-SaltedHas… | release-notes |
| https://github.com/robrwo/perl-Crypt-SaltedHash/c… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RRWO | Crypt::SaltedHash | Affected: 0 , ≤ 0.09 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-21T00:37:36.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/20/22"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-47372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T14:12:06.289235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T14:12:28.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-SaltedHash",
"product": "Crypt::SaltedHash",
"programFiles": [
"lib/Crypt/SaltedHash.pm"
],
"programRoutines": [
{
"name": "Crypt::SaltedHash::__generate_hex_salt"
}
],
"repo": "https://github.com/robrwo/perl-Crypt-SaltedHash",
"vendor": "RRWO",
"versions": [
{
"lessThanOrEqual": "0.09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.\n\nThese versions use the built-in rand function, which is predictable and unsuitable for cryptography."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T22:08:12.703Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.10 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-47372",
"datePublished": "2026-05-20T22:08:12.703Z",
"dateReserved": "2026-05-19T16:17:52.855Z",
"dateUpdated": "2026-05-21T14:12:28.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47373 (GCVE-0-2026-47373)
Vulnerability from cvelistv5 – Published: 2026-05-20 20:25 – Updated: 2026-05-21 14:10
Title
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks
Summary
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash.
Severity
7.5 (High)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/RRWO/Crypt-SaltedHas… | release-notes |
| https://github.com/robrwo/perl-Crypt-SaltedHash/c… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RRWO | Crypt::SaltedHash | Affected: 0 , ≤ 0.09 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-20T22:31:06.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/20/21"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-47373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T14:10:26.303000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T14:10:59.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-SaltedHash",
"product": "Crypt::SaltedHash",
"programFiles": [
"lib/Crypt/SaltedHash.pm"
],
"programRoutines": [
{
"name": "Crypt::SaltedHash::validate"
}
],
"repo": "https://github.com/robrwo/perl-Crypt-SaltedHash",
"vendor": "RRWO",
"versions": [
{
"lessThanOrEqual": "0.09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.\n\nThese versions use Perl\u0027s built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T20:25:49.785Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.10 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-47373",
"datePublished": "2026-05-20T20:25:49.785Z",
"dateReserved": "2026-05-19T16:17:52.856Z",
"dateUpdated": "2026-05-21T14:10:59.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5090 (GCVE-0-2026-5090)
Vulnerability from cvelistv5 – Published: 2026-05-19 21:30 – Updated: 2026-05-22 06:39
Title
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected
Summary
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected.
The html_filter function did not escape single quotes. HTML attributes enclosed in single quotes could have code injected. For example, the variable "var" in
<a id='ref' title='[% var | html %]'>
would not be properly escaped. An attacker could insert some limited HTML and JavaScript, for example,
var = " ' onclick='while (true) { alert(1) }'"
Note that arbitrary HTML and JavaScript would be difficult to inject, because angle brackets, ampersands and double-quotes would still be escaped.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/abw/Template2/issues/327 | issue-tracking |
| https://github.com/abw/Template2/pull/337/changes… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TODDR | Template::Plugin::HTML |
Affected:
0 , ≤ 3.102
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-19T23:25:21.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/40"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T13:45:07.748170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T13:45:31.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Template-Toolkit",
"product": "Template::Plugin::HTML",
"programFiles": [
"lib/Template/Plugin/HTML.pm"
],
"programRoutines": [
{
"name": "Template::Plugin::HTML::html_filter"
}
],
"repo": "https://github.com/abw/Template2",
"vendor": "TODDR",
"versions": [
{
"lessThanOrEqual": "3.102",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected.\n\nThe html_filter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable \"var\" in\n\n \u003ca id=\u0027ref\u0027 title=\u0027[% var | html %]\u0027\u003e\n\nwould not be properly escaped. An attacker could insert some limited HTML and JavaScript, for example,\n\n var = \" \u0027 onclick=\u0027while (true) { alert(1) }\u0027\"\n\nNote that arbitrary HTML and JavaScript would be difficult to inject, because angle brackets, ampersands and double-quotes would still be escaped."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T06:39:14.682Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/abw/Template2/issues/327"
},
{
"tags": [
"patch"
],
"url": "https://github.com/abw/Template2/pull/337/changes/11c78a7a771d4af505efeb754a0b8775689c2eae"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 3.103."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-12-01T00:00:00.000Z",
"value": "Issue reported in GitHub."
},
{
"lang": "en",
"time": "2026-02-21T00:00:00.000Z",
"value": "Pull request submitted."
},
{
"lang": "en",
"time": "2026-03-22T00:00:00.000Z",
"value": "Pull request merged."
},
{
"lang": "en",
"time": "2026-03-22T00:00:00.000Z",
"value": "Issue reported to CPANSec."
},
{
"lang": "en",
"time": "2026-03-28T00:00:00.000Z",
"value": "CVE assigned."
}
],
"title": "Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected",
"workarounds": [
{
"lang": "en",
"value": "Attribute values in templates that contain escaped HTML should use double quotes instead of single quotes."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5090",
"datePublished": "2026-05-19T21:30:03.552Z",
"dateReserved": "2026-03-28T19:35:11.737Z",
"dateUpdated": "2026-05-22T06:39:14.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8788 (GCVE-0-2026-8788)
Vulnerability from cvelistv5 – Published: 2026-05-18 06:34 – Updated: 2026-05-19 12:45
Title
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections
Summary
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections.
The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names.
Severity
7.3 (High)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/RRWO/Net-Statsd-Lite… | release-notes |
| https://www.cve.org/CVERecord?id=CVE-2026-46719 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RRWO | Net::Statsd::Lite |
Affected:
0 , ≤ 0.10.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T12:45:22.290912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T12:45:27.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Net-Statsd-Lite",
"product": "Net::Statsd::Lite",
"programRoutines": [
{
"name": "Net::Statsd::Lite::record_metric"
}
],
"repo": "https://github.com/robrwo/Net-Statsd-Lite",
"vendor": "RRWO",
"versions": [
{
"lessThanOrEqual": "0.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections.\n\nThe values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.\n\nNote that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T06:34:24.030Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.10.1/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46719"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Net::Statsd::Lite version 0.10.1 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Issue reported to CPANSec"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Author notified"
},
{
"lang": "en",
"time": "2026-05-16T00:00:00.000Z",
"value": "Fix released for CVE-2026-46719"
},
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "CVE-2026-8788 identified by author"
},
{
"lang": "en",
"time": "2025-05-17T00:00:00.000Z",
"value": "Fix released for CVE-2026-8788"
}
],
"title": "Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections",
"workarounds": [
{
"lang": "en",
"value": "In version 0.10.0, use the secure_set_add method which logs an HMAC digest of the value instead of the raw value.\n\nValidate that all values sent to the client based on untrusted data do not contain metric injections."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8788",
"datePublished": "2026-05-18T06:34:24.030Z",
"dateReserved": "2026-05-17T12:01:20.592Z",
"dateUpdated": "2026-05-19T12:45:27.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8721 (GCVE-0-2026-8721)
Vulnerability from cvelistv5 – Published: 2026-05-17 18:51 – Updated: 2026-05-18 12:56
Title
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs
Summary
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.
Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded.
The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.
Severity
9.8 (Critical)
CWE
- CWE-170 - Improper Null Termination
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://metacpan.org/release/JONASBN/Crypt-OpenSS… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JONASBN | Crypt::OpenSSL::PKCS12 |
Affected:
0 , ≤ 1.94
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-17T21:18:34.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/17/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:56:25.907387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:56:41.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-OpenSSL-PKCS12",
"product": "Crypt::OpenSSL::PKCS12",
"programFiles": [
"PKCS12.xs"
],
"programRoutines": [
{
"name": "Crypt::OpenSSL::PKCS12::mac_ok"
},
{
"name": "Crypt::OpenSSL::PKCS12::changepass"
},
{
"name": "Crypt::OpenSSL::PKCS12::create"
},
{
"name": "Crypt::OpenSSL::PKCS12::create_as_string"
},
{
"name": "Crypt::OpenSSL::PKCS12::certificate"
},
{
"name": "Crypt::OpenSSL::PKCS12::ca_certificate"
},
{
"name": "Crypt::OpenSSL::PKCS12::private_key"
},
{
"name": "Crypt::OpenSSL::PKCS12::info_as_hash"
},
{
"name": "Crypt::OpenSSL::PKCS12::info"
}
],
"repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
"vendor": "JONASBN",
"versions": [
{
"lessThanOrEqual": "1.94",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.\n\nPassword parameters in PKCS12.xs are declared char *, which routes through Perl\u0027s default typemap to SvPV_nolen. The Perl length is discarded.\n\nThe C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170 Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-17T18:51:41.420Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 1.95 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "CPANSec identified issue"
},
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Author was notified"
},
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Maintainer released patch version"
}
],
"title": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8721",
"datePublished": "2026-05-17T18:51:41.420Z",
"dateReserved": "2026-05-16T01:07:36.063Z",
"dateUpdated": "2026-05-18T12:56:41.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8507 (GCVE-0-2026-8507)
Vulnerability from cvelistv5 – Published: 2026-05-17 18:43 – Updated: 2026-05-18 12:55
Title
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws
Summary
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.
When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
Severity
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/JONASBN/Crypt-OpenSS… | release-notes |
| https://github.com/dsully/perl-crypt-openssl-pkcs… | issue-tracking |
| https://github.com/dsully/perl-crypt-openssl-pkcs… | issue-tracking |
| https://github.com/dsully/perl-crypt-openssl-pkcs… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JONASBN | Crypt::OpenSSL::PKCS12 |
Affected:
0 , ≤ 1.94
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-17T21:18:33.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/17/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:54:57.804332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:55:51.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-OpenSSL-PKCS12",
"product": "Crypt::OpenSSL::PKCS12",
"programFiles": [
"PKCS12.xs"
],
"programRoutines": [
{
"name": "Crypt::OpenSSL::PKCS12::info"
},
{
"name": "Crypt::OpenSSL::PKCS12::info_as_hash"
}
],
"repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
"vendor": "JONASBN",
"versions": [
{
"lessThanOrEqual": "1.94",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.\n\nWhen parsing a PKCS12 file, with a \u003e= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew()."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T00:08:32.838Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 1.95 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Issue discovered"
},
{
"lang": "en",
"time": "2026-05-16T00:00:00.000Z",
"value": "Maintainer notified"
},
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Public disclosure"
},
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Crypt-OpenSSL-PKCS12 1.95 released."
}
],
"title": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws",
"workarounds": [
{
"lang": "en",
"value": "Do not parse untrusted PKCS12 files via info or info_as_hash."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8507",
"datePublished": "2026-05-17T18:43:05.863Z",
"dateReserved": "2026-05-13T22:45:07.737Z",
"dateUpdated": "2026-05-18T12:55:51.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46720 (GCVE-0-2026-46720)
Vulnerability from cvelistv5 – Published: 2026-05-17 17:51 – Updated: 2026-05-26 22:47
Title
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections
Summary
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
Severity
8.2 (High)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/RRWO/Net-Statsd-Tiny… | release-notes |
| https://github.com/robrwo/Net-Statsd-Tiny/commit/… | patch |
| https://www.cve.org/CVERecord?id=CVE-2026-46719 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RRWO | Net::Statsd::Tiny |
Affected:
0 , < 0.3.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-46720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:54:22.223047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:54:25.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Net-Statsd-Tiny",
"product": "Net::Statsd::Tiny",
"programRoutines": [
{
"name": "Net::Statsd::Tiny::_record"
}
],
"repo": "https://github.com/robrwo/Net-Statsd-Tiny",
"vendor": "RRWO",
"versions": [
{
"lessThan": "0.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.\n\nThe metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T22:47:36.662Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Net-Statsd-Tiny-v0.3.8/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/robrwo/Net-Statsd-Tiny/commit/06f814f52fbcc0b2afddf7a2d6f8137fd3cede13.patch"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46719"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Net::Statsd::Tiny version 0.3.8 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Issue reported to CPANSec"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Author notified"
},
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Fix released"
}
],
"title": "Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections",
"workarounds": [
{
"lang": "en",
"value": "Apply the patch.\n\nAlternatively, validate that all metrics and set values sent to the client based on untrusted data do not contain metric injections.\n\nThis is the same issue CVE-2026-46719 that affected Net::Statsd::Lite."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-46720",
"datePublished": "2026-05-17T17:51:41.133Z",
"dateReserved": "2026-05-16T00:56:00.338Z",
"dateUpdated": "2026-05-26T22:47:36.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46719 (GCVE-0-2026-46719)
Vulnerability from cvelistv5 – Published: 2026-05-16 13:37 – Updated: 2026-05-19 12:51
Title
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections
Summary
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.
The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
Severity
6.5 (Medium)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/RRWO/Net-Statsd-Lite… | release-notes |
| https://github.com/robrwo/Net-Statsd-Lite/commit/… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RRWO | Net::Statsd::Lite |
Affected:
0 , < 0.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-16T20:15:59.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/16/9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-46719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T12:51:17.582054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T12:51:28.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Net-Statsd-Lite",
"product": "Net::Statsd::Lite",
"programRoutines": [
{
"name": "Net::Statsd::Lite::record_metric"
}
],
"repo": "https://github.com/robrwo/Net-Statsd-Lite",
"vendor": "RRWO",
"versions": [
{
"lessThan": "0.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.\n\nThe metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T13:37:22.000Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.9.0/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/robrwo/Net-Statsd-Lite/commit/e1a8ab866d75c2827982134e9cf7e51a7f771153.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Net::Statsd::Lite version 0.9.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Issue reported to CPANSec"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Author notified"
},
{
"lang": "en",
"time": "2026-05-16T00:00:00.000Z",
"value": "Fix released"
}
],
"title": "Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections",
"workarounds": [
{
"lang": "en",
"value": "Apply the patch.\n\nAlternatively, validate that all metrics sent to the client based on untrusted data do not contain metric injections."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-46719",
"datePublished": "2026-05-16T13:37:22.000Z",
"dateReserved": "2026-05-16T00:56:00.338Z",
"dateUpdated": "2026-05-19T12:51:28.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8704 (GCVE-0-2026-8704)
Vulnerability from cvelistv5 – Published: 2026-05-15 22:18 – Updated: 2026-05-18 15:06
Title
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified
Summary
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
Severity
6.5 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIMLEGGE | Crypt::DSA |
Affected:
0 , ≤ 1.19
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-16T00:31:20.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T15:05:39.380389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T15:06:15.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-DSA",
"product": "Crypt::DSA",
"programFiles": [
"lib/Crypt/DSA/Key.pm"
],
"programRoutines": [
{
"name": "Crypt::DSA::read"
},
{
"name": "Crypt::DSA::write"
}
],
"repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
"vendor": "TIMLEGGE",
"versions": [
{
"lessThanOrEqual": "1.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T22:18:15.917Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"
},
{
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/Key.pm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 1.20"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "CPANSec identified issue"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Author was notified"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Version 1.20 released."
}
],
"title": "Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8704",
"datePublished": "2026-05-15T22:18:15.917Z",
"dateReserved": "2026-05-15T18:08:24.117Z",
"dateUpdated": "2026-05-18T15:06:15.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8700 (GCVE-0-2026-8700)
Vulnerability from cvelistv5 – Published: 2026-05-15 22:10 – Updated: 2026-05-18 15:04
Title
Crypt::DSA versions before 1.20 for Perl generate seeds using rand
Summary
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Severity
7.3 (High)
CWE
- CWE-331 - Insufficient Entropy
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIMLEGGE | Crypt::DSA |
Affected:
0 , < 1.20
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-16T00:31:19.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/26"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T15:03:59.437060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T15:04:20.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-DSA",
"product": "Crypt::DSA",
"programFiles": [
"lib/Crypt/DSA/KeyChain.pm"
],
"programRoutines": [
{
"name": "Crypt::DSA::generate_params"
}
],
"repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA.git",
"vendor": "TIMLEGGE",
"versions": [
{
"lessThan": "1.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::DSA versions before 1.20 for Perl generate seeds using rand.\n\nSeeds were generated using Perl\u0027s built-in rand function, which is predictable and unsuitable for security usage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T22:10:52.242Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"
},
{
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 1.20 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "CPANSec identified issue"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Author was notified"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Version 1.20 released."
}
],
"title": "Crypt::DSA versions before 1.20 for Perl generate seeds using rand",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8700",
"datePublished": "2026-05-15T22:10:52.242Z",
"dateReserved": "2026-05-15T17:20:11.254Z",
"dateUpdated": "2026-05-18T15:04:20.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46474 (GCVE-0-2026-46474)
Vulnerability from cvelistv5 – Published: 2026-05-15 17:41 – Updated: 2026-05-18 15:01
Title
Trog::TOTP versions before 1.006 for Perl generate secrets using rand
Summary
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Severity
7.5 (High)
CWE
- CWE-331 - Insufficient Entropy
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TEODESIAN | Trog::TOTP |
Affected:
0 , < 1.006
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-15T21:23:28.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/18"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-46474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T15:00:59.850793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T15:01:38.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Trog-TOTP",
"product": "Trog::TOTP",
"programFiles": [
"lib/Trog/TOTP.pm"
],
"programRoutines": [
{
"name": "Trog::TOTP::_gen_secret"
}
],
"repo": "https://github.com/teodesian/Trog-TOTP",
"vendor": "TEODESIAN",
"versions": [
{
"lessThan": "1.006",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trog::TOTP versions before 1.006 for Perl generate secrets using rand.\n\nSecrets were generated using Perl\u0027s built-in rand function, which is predictable and unsuitable for security usage."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T17:41:32.229Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/changes"
},
{
"url": "https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/diff/TEODESIAN/Trog-TOTP-1.005#lib/Trog/TOTP.pm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 1.006 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "CPANSec identified issue"
},
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Author was notified"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Version 1.006 released."
}
],
"title": "Trog::TOTP versions before 1.006 for Perl generate secrets using rand",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-46474",
"datePublished": "2026-05-15T17:41:32.229Z",
"dateReserved": "2026-05-14T17:55:07.623Z",
"dateUpdated": "2026-05-18T15:01:38.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8669 (GCVE-0-2026-8669)
Vulnerability from cvelistv5 – Published: 2026-05-15 13:31 – Updated: 2026-05-15 21:23
Title
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files
Summary
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file.
The page-match branch checks whether Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check, so a frame wider than the global screen width overflows the shared GifRow buffer.
Severity
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/TONYC/Imager-1.031/s… | release-notes |
| https://github.com/tonycoz/imager/commit/782e9c06… | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T15:39:40.620391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T15:40:04.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-15T21:23:31.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Imager",
"product": "Imager",
"programFiles": [
"GIF/imgif.c"
],
"programRoutines": [
{
"name": "Imager::File::GIF::i_readgif_multi_low"
}
],
"repo": "https://github.com/tonycoz/imager",
"vendor": "TONYC",
"versions": [
{
"lessThanOrEqual": "1.030",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.\n\nImager::File::GIF\u0027s i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF\u0027s global screen width \u0027SWidth\u0027 and reuses it across every image in the file.\n\nThe page-match branch validates Image.Width + Image.Left \u003e SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:36:36.480Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TONYC/Imager-1.031/source/Changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tonycoz/imager/commit/782e9c06cc75a0f7eed383f39522f51f44598b04.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Imager 1.031."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-12T00:00:00.000Z",
"value": "Issue identified"
},
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Issue reported to maintainer"
},
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Maintainer acknowledged the report"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Fixed version released"
}
],
"title": "Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8669",
"datePublished": "2026-05-15T13:31:14.449Z",
"dateReserved": "2026-05-15T11:19:04.001Z",
"dateUpdated": "2026-05-15T21:23:31.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8503 (GCVE-0-2026-8503)
Vulnerability from cvelistv5 – Published: 2026-05-15 11:06 – Updated: 2026-05-15 15:37
Title
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids
Summary
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.
Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, which is then hashed again. These are predictable, low-entropy sources. Predictable session ids could allow an attacker to guess valid ids and gain access to systems.
Note that version 1.3.19 silently falls back to the insecure generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely, as Crypt::URandom is a hard-coded requirement of the module.
This issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.
Severity
6.5 (Medium)
CWE
Assigner
References
5 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GUIMARD | Apache::Session::Generate::SHA256 |
Affected:
0 , < 1.3.19
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T15:36:59.141220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T15:37:28.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Apache-Session-Browsable",
"product": "Apache::Session::Generate::SHA256",
"programFiles": [
"lib/Apache/Session/Generate/SHA256.pm"
],
"programRoutines": [
{
"name": "Apache::Session::Generate::SHA256#generate"
}
],
"repo": "https://github.com/LemonLDAPNG/Apache-Session-Browseable",
"vendor": "GUIMARD",
"versions": [
{
"lessThan": "1.3.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.\n\nApache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predictable session ids could allow an attacker to gain access to systems.\n\nNote that version 1.3.19 has a fallback without warning to use the insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module.\n\nThis issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-102",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-102 Session Sidejacking"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:06:29.777Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/GUIMARD/Apache-Session-Browseable-1.3.19/changes"
},
{
"url": "https://metacpan.org/release/GUIMARD/Apache-Session-Browseable-1.3.19/diff/GUIMARD/Apache-Session-Browseable-1.3.18#lib/Apache/Session/Generate/SHA256.pm"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/cc915cbbd266776eec3dd8bf4748b15fa827dbd0.patch"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40931"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40932"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Issue identified by CPANSec"
},
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Issue reported to author"
},
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Version 1.3.19 released"
}
],
"title": "Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to version 1.3.19 or later."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8503",
"datePublished": "2026-05-15T11:06:29.777Z",
"dateReserved": "2026-05-13T21:07:03.760Z",
"dateUpdated": "2026-05-15T15:37:28.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8454 (GCVE-0-2026-8454)
Vulnerability from cvelistv5 – Published: 2026-05-15 10:57 – Updated: 2026-05-15 21:23
Title
Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files
Summary
Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file.
The page-match branch checks whether Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check, so a frame wider than the global screen width overflows the shared GifRow buffer.
Severity
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://metacpan.org/release/TONYC/Imager-File-GI… | release-notes |
| https://github.com/tonycoz/imager/commit/782e9c06… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TONYC | Imager::File::GIF |
Affected:
0 , ≤ 1.002
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T14:24:00.591482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T14:26:44.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-15T21:23:30.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Imager-File-GIF",
"product": "Imager::File::GIF",
"programFiles": [
"GIF/imgif.c"
],
"programRoutines": [
{
"name": "Imager::File::GIF::i_readgif_multi_low"
}
],
"repo": "https://github.com/tonycoz/imager",
"vendor": "TONYC",
"versions": [
{
"lessThanOrEqual": "1.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.\n\nImager::File::GIF\u0027s i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF\u0027s global screen width \u0027SWidth\u0027 and reuses it across every image in the file.\n\nThe page-match branch validates Image.Width + Image.Left \u003e SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:38:52.687Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TONYC/Imager-File-GIF-1.003/source/Changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tonycoz/imager/commit/782e9c06cc75a0f7eed383f39522f51f44598b04.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Imager::File::GIF 1.003."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-12T00:00:00.000Z",
"value": "Issue identified"
},
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Issue reported to maintainer"
},
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "Maintainer acknowledged the report"
},
{
"lang": "en",
"time": "2026-05-15T00:00:00.000Z",
"value": "Fixed version released"
}
],
"title": "Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8454",
"datePublished": "2026-05-15T10:57:13.884Z",
"dateReserved": "2026-05-13T02:02:58.825Z",
"dateUpdated": "2026-05-15T21:23:30.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8612 (GCVE-0-2026-8612)
Vulnerability from cvelistv5 – Published: 2026-05-15 01:11 – Updated: 2026-05-15 14:31
Title
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution
Summary
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.
With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without overriding the backend's documented directory_umask of 000, so the cache root and its subdirectories are created mode 0777 with no sticky bit. Cache entries are named by sha1_hex of the request and read back through Storable::thaw on the next cache hit.
A local attacker with write access to the cache tree can replace a victim's cache entry for a known URL with an arbitrary frozen HTTP::Response blob, causing the victim's next get() of that URL to return attacker-controlled response bytes. Because the bytes are passed to Storable::thaw, a victim process that has loaded any class with a side-effectful STORABLE_thaw, DESTROY, or overload hook can be escalated to arbitrary code execution.
Severity
5.3 (Medium)
CWE
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OALDERS | WWW::Mechanize::Cached |
Affected:
0 , < 2.00
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-15T05:18:42.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T14:30:45.332316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T14:31:14.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "WWW-Mechanize-Cached",
"product": "WWW::Mechanize::Cached",
"programFiles": [
"lib/WWW/Mechanize/Cached.pm"
],
"programRoutines": [
{
"name": "WWW::Mechanize::Cached::_build_cache"
},
{
"name": "WWW::Mechanize::Cached::_make_request"
}
],
"repo": "https://github.com/libwww-perl/WWW-Mechanize-Cached",
"vendor": "OALDERS",
"versions": [
{
"lessThan": "2.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.\n\nWith no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without overriding the backend\u0027s documented directory_umask of 000, so the cache root and its subdirectories are created mode 0777 with no sticky bit. Cache entries are named by sha1_hex of the request and read back through Storable::thaw on the next cache hit.\n\nA local attacker with write access to the cache tree can replace a victim\u0027s cache entry for a known URL with an arbitrary frozen HTTP::Response blob, causing the victim\u0027s next get() of that URL to return attacker controlled response bytes. Because the bytes are passed to Storable::thaw, a victim process that has loaded any class with a side-effectful STORABLE_thaw, DESTROY, or overload hook can be escalated to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T01:11:55.018Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/libwww-perl/WWW-Mechanize-Cached/pull/36"
},
{
"tags": [
"patch"
],
"url": "https://github.com/libwww-perl/WWW-Mechanize-Cached/commit/b821647deeedf83490ebc1db91d959d942300ce0.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/OALDERS/WWW-Mechanize-Cached-2.00/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to WWW-Mechanize-Cached 2.00 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "WWW-Mechanize-Cached 2.00 released with fix."
}
],
"title": "WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8612",
"datePublished": "2026-05-15T01:11:55.018Z",
"dateReserved": "2026-05-14T16:30:23.954Z",
"dateUpdated": "2026-05-15T14:31:14.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8500 (GCVE-0-2026-8500)
Vulnerability from cvelistv5 – Published: 2026-05-13 22:24 – Updated: 2026-05-14 17:41
Title
Web::Passwd versions through 0.03 for Perl are vulnerable to RCE
Summary
Web::Passwd versions through 0.03 for Perl are vulnerable to remote code execution (RCE).
Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.
The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.
Severity
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVANK | Web::Passwd |
Affected:
0 , ≤ 0.03
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-14T00:35:26.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/13/8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8500",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T17:41:43.944259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T17:41:51.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Web-Passwd",
"product": "Web::Passwd",
"programFiles": [
"lib/Web/Passwd.pm"
],
"programRoutines": [
{
"name": "Web::Passwd::htfile_moduser"
},
{
"name": "Web::Passwd::htfile_deluser"
}
],
"vendor": "EVANK",
"versions": [
{
"lessThanOrEqual": "0.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.\n\nWeb::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.\n\nThe user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T22:24:42.216Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/EVANK/Web-Passwd-0.03"
},
{
"url": "https://httpd.apache.org/docs/current/programs/htpasswd.html"
}
],
"solutions": [
{
"lang": "en",
"value": "This application has not been updated since 2007 and appears to have been abandoned. Use other solutions."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2007-02-08T00:00:00.000Z",
"value": "Web::Passwd 0.03 was released"
}
],
"title": "Web::Passwd versions through 0.03 for Perl is vulnerable to RCE",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8500",
"datePublished": "2026-05-13T22:24:42.216Z",
"dateReserved": "2026-05-13T20:31:51.641Z",
"dateUpdated": "2026-05-14T17:41:51.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}