CVE-2026-46739

EPSS 0.26%
Veröffentlicht 04.06.2026 15:45:23
Zuletzt bearbeitet 08.06.2026 16:31:06
Quelle 9b29abf9-4ab0-4765-b253-1875cd
CVE-Watchlists
Login
Unerledigt
Login

Net::Statsd versions before 0.13 for Perl allow metric injections

Net::Statsd versions before 0.13 for Perl allow metric injections.

The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

The update_stats (used for updating counters) and gauge methods do not check that values are numeric (which would block metric injection).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cosimo ≫ Net::statsd SwPlatformperl Version < 0.13

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.17

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

https://www.cve.org/CVERecord?id=CVE-2026-46719

Third Party Advisory

https://www.cve.org/CVERecord?id=CVE-2026-46720

Third Party Advisory

https://github.com/cosimo/perl5-net-statsd/pull/10

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-46739

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-46739

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-46739

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-46739