CVE-2026-49940

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/06/2026
Last modified:
08/06/2026

Description

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks.<br /> <br /> Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:rrwo:net\:\:cidr\:\:set:*:*:*:*:*:perl:*:* 0.21 (excluding)