CVE-2026-45190

Published: Mag 10, 2026 Last Modified: Mag 10, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass.

Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the input string spelled. find() and bin_find() can match or miss addresses as a result.

Example:

my $cidr = Net::CIDR::Lite->new();
$cidr->add('::1\n/128');
$cidr->find('::1a'); # incorrectly returns true

See also CVE-2026-45191.

1289

Improper Validation of Unsafe Equivalence in Input

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/stigtsp/Net-CIDR-Lite/commit/ca9542adec8…
https://github.com/stigtsp/Net-CIDR-Lite/commit/ca9542adec87110556601d7ce48381e…
https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.24/cha…
https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.24/changes
https://www.cve.org/CVERecord?id=CVE-2026-45191
https://www.cve.org/CVERecord?id=CVE-2026-45191