CVE Catalog

CVE-2026-46719

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile - higher than 22% of all known CVEs

Summary

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. Metric names were not checked for newlines, colons, or pipes, allowing additional metrics to be injected from untrusted sources.

Risk Assessment

Organizations may be exposed to unauthorized metric injections, potentially leading to false statistical data and monitoring issues.

Recommendation

It is recommended to upgrade to version 0.9.0 or later to mitigate the risk of metric injections.

Original NVD description (English source)

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS