Session ID Leakage in Catalyst::Plugin::Statsd for Perl
CVE-2026-45180

Currently unrated

Key Information:

Vendor

Rrwo

Status
Catalyst::plugin::statsd
Vendor
CVE Published:
10 May 2026

What is CVE-2026-45180?

Catalyst::Plugin::Statsd, a Perl plugin, has a vulnerability that may expose session identifiers if the communication channel to the statsd daemon is not adequately secured. This exposure occurs particularly when UDP packets are sent to an unsecured host on a different network, allowing potential attackers to capture these session IDs. Such captured identifiers can be misused as authentication tokens, posing a significant security risk to affected systems.

Affected Version(s)

Catalyst::Plugin::Statsd 0 <= 0.10.0

References

https://github.com/robrwo/CatalystX-Statsd/security/advis...
vendor-advisory
https://metacpan.org/release/RRWO/Catalyst-Plugin-Statsd-...
release-notes
https://www.cve.org/CVERecord?id=CVE-2026-45179
related

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.