CVE-2026-8722

EPSS 0.2%
Veröffentlicht 04.06.2026 00:17:00
Zuletzt bearbeitet 08.06.2026 16:39:33
Quelle 9b29abf9-4ab0-4765-b253-1875cd
CVE-Watchlists
Login
Unerledigt
Login

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections.

The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Team ≫ Net::async::statsd::client SwPlatformperl Version <= 0.005

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

https://www.cve.org/CVERecord?id=CVE-2026-46719

Third Party Advisory

https://www.cve.org/CVERecord?id=CVE-2026-46720

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-8722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-8722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-8722

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-8722