IP Input Validation Issue in Net::CIDR::Lite by Perl
CVE-2026-45190

Currently unrated

Key Information:

Vendor

Stigtsp

Status
Net::cidr::lite
Vendor
CVE Published:
10 May 2026

What is CVE-2026-45190?

The Net::CIDR::Lite library for Perl, prior to version 0.24, has a critical flaw in its input validation mechanism for IP addresses and CIDR masks. It improperly handles inputs containing trailing newlines or non-ASCII digits, which can lead to potential bypass of IP Access Control Lists (ACLs). This flaw allows crafted inputs to be incorrectly processed, resulting in false positives and negatives when searching for addresses. For instance, valid looking input may translate into an unexpected address after parsing, raising significant security concerns.

Affected Version(s)

Net::CIDR::Lite 0 < 0.24

References

https://github.com/stigtsp/Net-CIDR-Lite/commit/ca9542ade...
patch
https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.24/c...
release-notes
https://www.cve.org/CVERecord?id=CVE-2026-45191
related

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.