Metric Injection Vulnerability in Net::Statsd::Lite by RRWO
CVE-2026-46719

Currently unrated

Key Information:

Vendor

Rrwo

Status
Net::statsd::lite
Vendor
CVE Published:
16 May 2026

What is CVE-2026-46719?

The Net::Statsd::Lite library for Perl prior to version 0.9.0 is susceptible to a metric injection vulnerability. This flaw arises from a failure to validate metric names for the presence of newlines, colons, or pipes. Consequently, metrics sourced from untrusted origins have the potential to inject additional StatsD metrics, compromising the integrity of the metrics framework. Users relying on this library should upgrade to the latest version to mitigate the risks associated with this issue.

Affected Version(s)

Net::Statsd::Lite 0 < 0.9.0

References

https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.9.0/...
release-notes
https://github.com/robrwo/Net-Statsd-Lite/commit/e1a8ab86...
patch

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.