CVE-2026-46740

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.

The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-93

Related Identifiers

CVE-2026-46740

Affected Products

Mojolicious::Plugin::Statsd

CVE-2026-46740

Weakness Enumeration

Related Identifiers

Affected Products

References · 4