CVE-2026-11362

Published: Giu 05, 2026 Last Modified: Giu 05, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags.

DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources.

The format_event method (used by the event method) does not validate the content of the tags, which may contain commas (allowing tags to be injected) or newlines, pipes and colons that allow metric injections. (There is an ineffective s/|//g to remove pipes, but because the pipe is not escaped, it is interpreted as a regular expression metacharacter and has no effect.)

93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Modify Application Data
Applicable Platforms
All platforms may be affected
View CWE Details
150

Improper Neutralization of Escape, Meta, or Control Sequences

Incomplete
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Execute Unauthorized Code Or Commands Hide Activities Unexpected State
Applicable Platforms
Technologies: AI/ML
View CWE Details
https://www.cve.org/CVERecord?id=CVE-2026-46719
https://www.cve.org/CVERecord?id=CVE-2026-46719
https://www.cve.org/CVERecord?id=CVE-2026-46720
https://www.cve.org/CVERecord?id=CVE-2026-46720
https://www.cve.org/CVERecord?id=CVE-2026-46741
https://www.cve.org/CVERecord?id=CVE-2026-46741