IP Access Control Bypass in Net::CIDR::Lite for Perl
CVE-2026-45191

Currently unrated

Key Information:

Vendor

Stigtsp

Status
Net::cidr::lite
Vendor
CVE Published:
10 May 2026

What is CVE-2026-45191?

Net::CIDR::Lite for Perl versions before 0.24 are susceptible to an IP Access Control List (ACL) bypass. This vulnerability arises from the library's inadequate handling of extraneous zero characters in CIDR mask values, permitting input forms like '/00' and '/01' to pass validation. These padded values equate to their un-padded counterparts, potentially allowing unauthorized access by misinterpreting the intended IP ACL settings.

Affected Version(s)

Net::CIDR::Lite 0 < 0.24

References

https://github.com/stigtsp/Net-CIDR-Lite/commit/24e2c439e...
patch
https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.24/c...
release-notes
https://www.cve.org/CVERecord?id=CVE-2026-45190
related

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.