CVE-2026-46739

Published: Giu 04, 2026 Last Modified: Giu 08, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none

Description

AI Translation Available

Net::Statsd versions before 0.13 for Perl allow metric injections.

The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

The update_stats (used for updating counters) and gauge methods do not check that values are numeric (which would block metric injection).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 7 Days)

93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Modify Application Data
Applicable Platforms
All platforms may be affected
View CWE Details
Application

Net\ by Cosimo

Product Information
Vendor Cosimo
Product Net\
Version \
Version Range Affected
To 0.13 (exclusive)
cpe:2.3:a:cosimo:net\:\:statsd:*:*:*:*:*:perl:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/cosimo/perl5-net-statsd/pull/10
https://github.com/cosimo/perl5-net-statsd/pull/10
https://www.cve.org/CVERecord?id=CVE-2026-46719
https://www.cve.org/CVERecord?id=CVE-2026-46719
https://www.cve.org/CVERecord?id=CVE-2026-46720
https://www.cve.org/CVERecord?id=CVE-2026-46720