SQL Operator Inversion in DBI::SQL::Nano for Perl Affects Data Filtering
CVE-2026-15043
Currently unrated
What is CVE-2026-15043?
DBI::SQL::Nano, a mini-SQL engine built into DBI for Perl, has incorrect evaluations of SQL operators in certain scenarios. This issue leads to the <= operator being represented by Perl's ge operator, and the >= operator being represented by Perl's le operator within the is_matched method's non-numeric string evaluations. This malfunction can result in faulty data filtering when applications invoke WHERE clauses that depend on these comparisons, potentially returning incorrect query results and impacting policy or authorization processes for file-backed data.
Affected Version(s)
DBI::SQL::Nano 1.42 < 1.651
