CVE-2026-8500

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
13/05/2026
Last modified:
14/05/2026

Description

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.<br /> <br /> Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.<br /> <br /> The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.