PT-2026-43429 · Rrwo+1 · Mojolicious::Plugin::Statsd+1

Robert Rothenberg

·

Published

2026-05-26

·

Updated

2026-06-19

·

CVE-2026-46740

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Mojolicious::Plugin::Statsd versions prior to 0.06
Description This issue allows metric injections when processing data from untrusted sources. The software fails to validate metric names and set values for the presence of newlines, colons, or pipes, which can be used to inject additional statsd metrics.
Recommendations Update Mojolicious::Plugin::Statsd to version 0.06 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46740

Affected Products

Mojolicious::Plugin::Statsd
Perl-Mojolicious-Plugin-Statsd