CVE-2026-49941
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/06/2026
Last modified:
08/06/2026
Description
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses.<br />
<br />
The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit netmask.<br />
<br />
If the argument was not a well-formed IP address, then this would lead to indefinite recursion.<br />
<br />
An attacker could use this to cause a denial of service.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:rrwo:net\:\:cidr\:\:set:*:*:*:*:*:perl:*:* | 0.21 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



