CVE-2026-46739
MEDIUMNet::Statsd versions before 0.13 for Perl allow metric injections
Title source: cnaDescription
Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The update_stats (used for updating counters) and gauge methods do not check that values are numeric (which would block metric injection).
References (3)
Core 3
Core References
Issue Tracking issue-tracking
https://github.com/cosimo/perl5-net-statsd/pull/10
Related related
https://www.cve.org/CVERecord?id=CVE-2026-46719
Related related
https://www.cve.org/CVERecord?id=CVE-2026-46720
Scores
CVSS v3
5.3
EPSS
0.0027
EPSS Percentile
18.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-93
Status
published
Products (2)
COSIMO/Net::Statsd
< 0.13
cosimo/net\
< 0.13
Published
Jun 04, 2026
Tracked Since
Jun 04, 2026