Input Validation Issue in Net::CIDR::Lite for Perl
CVE-2026-40198

Currently unrated

Key Information:

Vendor

Stigtsp

Status
Net::cidr::lite
Vendor
CVE Published:
10 April 2026

What is CVE-2026-40198?

The Net::CIDR::Lite library for Perl has a flaw that allows for improper validation of uncompressed IPv6 addresses. Specifically, versions prior to 0.23 do not ensure that these addresses contain exactly 8 hex groups, leading to possible IP Access Control List (ACL) bypasses. Invalid inputs such as 'abcd' or '1:2:3' can yield incorrect packed values, resulting in erroneous comparison outcomes during mask and range operations. This vulnerability highlights the need for robust input validation practices in the handling of IP addresses.

Affected Version(s)

Net::CIDR::Lite 0 < 0.23

References

https://github.com/stigtsp/Net-CIDR-Lite/commit/25d65f85d...
patch
https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/c...
release-notes
https://www.cve.org/CVERecord?id=CVE-2026-40199
related

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.