CVE-2026-8722
MEDIUMNet::Async::Statsd::Client versions through 0.005 for Perl allow metric injections
Title source: cnaDescription
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
References (2)
Core 2
Core References
Related related
https://www.cve.org/CVERecord?id=CVE-2026-46719
Related related
https://www.cve.org/CVERecord?id=CVE-2026-46720
Scores
CVSS v3
6.5
EPSS
0.0020
EPSS Percentile
10.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-93
Status
published
Products (2)
TEAM/Net::Async::Statsd::Client
< 0.005
team/net\
< 0.005
Published
Jun 04, 2026
Tracked Since
Jun 04, 2026