CVE-2026-45180

Published: Mag 10, 2026 Last Modified: Mag 10, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids.

If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.

319

Cleartext Transmission of Sensitive Information

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality
Potential Impacts:
Read Application Data Modify Files Or Directories Other
Applicable Platforms
Technologies: Cloud Computing, ICS/OT, Mobile, Not Technology-Specific, System on Chip, Test/Debug Hardware
Likelihood of Exploit: High
View CWE Details
https://github.com/robrwo/CatalystX-Statsd/security/advisor…
https://github.com/robrwo/CatalystX-Statsd/security/advisories/GHSA-gjvr-hq83-f…
https://github.com/robrwo/Plack-Middleware-Statsd/security/…
https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm…
https://metacpan.org/release/RRWO/Catalyst-Plugin-Statsd-v0…
https://metacpan.org/release/RRWO/Catalyst-Plugin-Statsd-v0.10.0/changes
https://www.cve.org/CVERecord?id=CVE-2026-45179
https://www.cve.org/CVERecord?id=CVE-2026-45179