CVE-2026-8500

Name of the Vulnerable Software and Affected Versions Web::Passwd version 0.03

Description Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The user parameter is not validated or escaped before being used as the final argument on the command line, which enables command injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.