Etsy::StatsD versions through 1.002002 for Perl allow metric injections
CVE-2026-46741

Currently unrated

Key Information:

Vendor: Sanbeg
Status: Etsy::statsd
Vendor: CVE Published:; 4 June 2026

What is CVE-2026-46741?

Etsy::StatsD versions through 1.002002 for Perl allow metric injections.

The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.

Affected Version(s)

Etsy::StatsD 0 <= 1.002002

References

https://www.cve.org/CVERecord?id=CVE-2026-46719

https://www.cve.org/CVERecord?id=CVE-2026-46720

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
May 17, 2026

CVE-2026-46741 Data

JSON

Sanbeg

What is CVE-2026-46741?

Affected Version(s)

References

Timeline