CVE-2026-46741

Published: Giu 04, 2026 Last Modified: Giu 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Etsy::StatsD versions through 1.002002 for Perl allow metric injections.

The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Modify Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://www.cve.org/CVERecord?id=CVE-2026-46719

https://www.cve.org/CVERecord?id=CVE-2026-46720

CVE-2026-46741

Description

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter