CVE-2026-46720 · HIGH 8.2 · EPSS p24.8%

Description

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS: 0.33% probability of exploitation · percentile 24.8% · 2026-06-18T12:00:27Z
Published: 2026-05-17
Last modified: 2026-05-18

Underlying weaknesses · 1

CWE-93

References

  1. https://github.com/robrwo/Net-Statsd-Tiny/commit/06f814f52fbcc0b2afddf7a2d6f8137fd3cede13.patch
  2. https://metacpan.org/release/RRWO/Net-Statsd-Tiny-v0.3.8/changes
  3. https://www.cve.org/CVERecord?id=CVE-2026-46719

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of CRLF Sequences ('CRLF Injection') (cwe-93) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-8722
CVE-2026-46739
CVE-2026-50637
CVE-2026-46741
CVE-2026-50638
CVE-2026-50639

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.