CVE-2026-8788
HIGHNet::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections
Title source: cnaDescription
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names.
References (2)
Core 2
Core References
Release Notes release-notes
https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.10.1/changes
Related related
https://www.cve.org/CVERecord?id=CVE-2026-46719
Scores
CVSS v3
7.3
EPSS
0.0023
EPSS Percentile
13.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-93
Status
published
Products (1)
RRWO/Net::Statsd::Lite
< 0.10.0
Published
May 18, 2026
Tracked Since
May 18, 2026