CVE-2026-8788

HIGH 7.3

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

8th

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names.

CWE	CWE-93
Vendor	rrwo
Product	net::statsd::lite
Published	May 18, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for rrwo net::statsd::lite

Be the first to know when new high vulnerabilities affecting rrwo net::statsd::lite are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

RRWO / Net::Statsd::Lite

0 ≤ 0.10.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

metacpan.org: https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.10.1/changes cve.org: https://www.cve.org/CVERecord?id=CVE-2026-46719