CVE-2026-49940

MEDIUM 6.5

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks.

CWE	CWE-1289
Vendor	rrwo
Product	net::cidr::set
Published	Jun 4, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for rrwo net::cidr::set

Be the first to know when new medium vulnerabilities affecting rrwo net::cidr::set are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

RRWO / Net::CIDR::Set

0 ≤ 0.20

References

NVD ↗ CVE.org ↗ EPSS Data ↗

metacpan.org: https://metacpan.org/release/RRWO/Net-CIDR-Set-0.21/changes nvd.nist.gov: https://nvd.nist.gov/vuln/detail/CVE-2025-40911