CVE-2026-8500

Published: Mag 14, 2026 Last Modified: Mag 14, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.

Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.

The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.

78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities
Applicable Platforms
Technologies: AI/ML, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
https://httpd.apache.org/docs/current/programs/htpasswd.html
https://httpd.apache.org/docs/current/programs/htpasswd.html
https://metacpan.org/release/EVANK/Web-Passwd-0.03
https://metacpan.org/release/EVANK/Web-Passwd-0.03
http://www.openwall.com/lists/oss-security/2026/05/13/8
http://www.openwall.com/lists/oss-security/2026/05/13/8