CVE-2026-46741

HIGH 7.5

Etsy::StatsD versions through 1.002002 for Perl allow metric injections

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.

CWE	CWE-93
Vendor	sanbeg
Product	etsy::statsd
Published	Jun 4, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for sanbeg etsy::statsd

Be the first to know when new high vulnerabilities affecting sanbeg etsy::statsd are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SANBEG / Etsy::StatsD

0 ≤ 1.002002

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46719 cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46720