CVE-2026-46719
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. Metric names were not checked for newlines, colons, or pipes, allowing additional metrics to be injected from untrusted sources.
Risk Assessment
Organizations may be exposed to unauthorized metric injections, potentially leading to false statistical data and monitoring issues.
Recommendation
It is recommended to upgrade to version 0.9.0 or later to mitigate the risk of metric injections.
Original NVD description (English source)
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

