CVE-2026-46739

MEDIUM 5.3

Net::Statsd versions before 0.13 for Perl allow metric injections

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The update_stats (used for updating counters) and gauge methods do not check that values are numeric (which would block metric injection).

CWE	CWE-93
Vendor	cosimo
Product	net::statsd
Published	Jun 4, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for cosimo net::statsd

Be the first to know when new medium vulnerabilities affecting cosimo net::statsd are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

COSIMO / Net::Statsd

0 < 0.13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/cosimo/perl5-net-statsd/pull/10 cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46719 cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46720