CVE-2026-46719

Severity CVSS v4.0:

Pending analysis

Type:

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

Publication date:

16/05/2026

Last modified:

16/05/2026

Description

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.<br /> <br /> The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Impact

References to Advisories, Solutions, and Tools

https://github.com/robrwo/Net-Statsd-Lite/commit/e1a8ab866d75c2827982134e9cf7e51a7f771153.patch
https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.9.0/changes
http://www.openwall.com/lists/oss-security/2026/05/16/9