QwikSec

Security Database

CVE

CWE

Training

CVE-2026-45180

Published: May 10, 2026

Modified: May 12, 2026

PUBLISHED

Description

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.

Vendor	Product	Versions
RRWO	Catalyst::Plugin::Statsd	affected `0 - <= 0.10.0`

Weaknesses (CWE)

References

https://github.com/robrwo/CatalystX-Statsd/security/advisories/GHSA-gjvr-hq83-fc38

vendor-advisory

https://metacpan.org/release/RRWO/Catalyst-Plugin-Statsd-v0.10.0/changes

release-notes

https://www.cve.org/CVERecord?id=CVE-2026-45179

related

https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm-665p-w2xx

related

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.