Medium severity5.3NVD Advisory· Published Jun 4, 2026· Updated Jun 8, 2026
CVE-2026-46739
CVE-2026-46739
Description
Net::Statsd versions before 0.13 for Perl allow metric injections.
The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
The update_stats (used for updating counters) and gauge methods do not check that values are numeric (which would block metric injection).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: <0.13
Patches
Vulnerability mechanics
References
3- github.com/cosimo/perl5-net-statsd/pull/10nvdIssue TrackingPatch
- www.cve.org/CVERecordnvdThird Party Advisory
- www.cve.org/CVERecordnvdThird Party Advisory
News mentions
0No linked articles in our index yet.