CVE-2026-46741
HIGHEtsy::StatsD versions through 1.002002 for Perl allow metric injections
Title source: cnaDescription
Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.
References (2)
Core 2
Core References
Related related
https://www.cve.org/CVERecord?id=CVE-2026-46719
Related related
https://www.cve.org/CVERecord?id=CVE-2026-46720
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
18.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-93
Status
published
Products (2)
SANBEG/Etsy::StatsD
< 1.002002
sanbeg/etsy\
< 1.002002
Published
Jun 04, 2026
Tracked Since
Jun 04, 2026