CVE-2026-49940
MediumCVSS 6.5Summary
Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers, which could allow network masks to accept larger networks.
Risk Assessment
The ability to accept larger networks through network masks may lead to unauthorized access or improper network management, posing a risk to the organization's security.
Recommendation
It is recommended to update to the latest version of Net::CIDR::Set to eliminate the possibility of accepting invalid IP addresses and netmasks.
Original NVD description (English source)
Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks.

