QwikSec

Security Database

CVE

CWE

Training

CVE-2026-8788

Published: May 18, 2026

Modified: May 19, 2026

PUBLISHED

Description

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names.

Vendor	Product	Versions
RRWO	Net::Statsd::Lite	affected `0 - <= 0.10.0`

Weaknesses (CWE)

References

https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.10.1/changes

release-notes

https://www.cve.org/CVERecord?id=CVE-2026-46719

related

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.