Symlink Vulnerability in DBD::File for Perl Affects File-Based Drivers
CVE-2026-15392

Currently unrated

Key Information:

Vendor

Hmbrand

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-15392?

The DBD::File module for Perl prior to version 1.651 has a symlink vulnerability that permits file-based drivers to read or write files outside of their designated data directory. This occurs due to the improper handling of symbolic links in the complete_table_name method, which constructs absolute paths without validating if they point to unauthorized locations. As a result, users may unintentionally expose sensitive data or allow file manipulation by exploiting these links. It's crucial for users to update to the latest version to mitigate this risk.

Affected Version(s)

DBD::File 0 < 1.651

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.