πŸ” CVE Alert

CVE-2026-49145

HIGH 7.5

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include --files-from, so a project .ackrc can set it to a path whose listed files ack then reads and searches. Version 3.10.0 added --follow to the blocklist; --files-from remains accepted. A project .ackrc committed to an untrusted repository can make ack read files outside the project and print their matching lines.

CWE CWE-73 CWE-426
Vendor petdance
Product app::ack
Published Jul 8, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for petdance app::ack

Be the first to know when new high vulnerabilities affecting petdance app::ack are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

PETDANCE / App::Ack
0 ≀ 3.10.0

References

NVD β†— CVE.org β†— EPSS Data β†—
metacpan.org: https://metacpan.org/release/PETDANCE/ack-v3.10.0/source/Changes openwall.com: http://www.openwall.com/lists/oss-security/2026/07/08/7

Credits

MichaΕ‚ Majchrowicz (AFINE) Marcin Wyczechowski (AFINE)