CVE-2026-11373
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections.
| CWE | CWE-93 CWE-150 |
| Vendor | jasei |
| Product | net::statsite::client |
| Published | Jun 22, 2026 |
| Last Updated | Jun 22, 2026 |
Stay Ahead of the Next One
Get instant alerts for jasei net::statsite::client
Be the first to know when new critical vulnerabilities affecting jasei net::statsite::client are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
JASEI / Net::Statsite::Client
0 โค 1.1.0
References
metacpan.org: https://metacpan.org/release/JASEI/Net-Statsite-Client-1.1.0/view/lib/Net/Statsite/Client.pm security.metacpan.org: https://security.metacpan.org/patches/N/Net-Statsite-Client/1.1.0/CVE-2026-11373-r1.patch armon.github.io: http://armon.github.io/statsite cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46719 cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46720 cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46739