Remote Memory Exhaustion Vulnerability in Net::BitTorrent by Sanko
CVE-2026-57081
7.5 HIGH
What is CVE-2026-57081?
Net::BitTorrent for Perl is vulnerable to remote memory exhaustion. Its bencode decoder places no limit on nesting depth, so an attacker can exploit it by sending deeply nested bencoded input. A crafted .torrent file or a manipulated peer message containing approximately 150,000 nested lists causes multi-gigabyte memory spikes and can potentially crash the client. The risk is significant because the decoder processes data from untrusted sources, including .torrent files and DHT messages.
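The missing safeguard described above, sketched as an added example (this is not Net::BitTorrent's own code or its fix): a minimal bencode decoder that carries a depth counter and rejects input nested beyond a limit before allocating further. The names `bdecode` and `_decode` and the limit of 64 are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

my $MAX_DEPTH = 64;    # assumed limit; chosen for illustration only

sub bdecode {
    my ($buf) = @_;
    my $pos = 0;
    my $val = _decode(\$buf, \$pos, 0);
    die "trailing data at offset $pos\n" if $pos != length $buf;
    return $val;
}

sub _decode {
    my ($buf, $pos, $depth) = @_;
    # The check the advisory says is absent: bound nesting up front.
    die "nesting deeper than $MAX_DEPTH\n" if $depth > $MAX_DEPTH;
    pos($$buf) = $$pos;
    if ($$buf =~ /\Gi(0|-?[1-9][0-9]*)e/gc) {          # integer
        $$pos = pos($$buf);
        return $1 + 0;
    }
    if ($$buf =~ /\G(0|[1-9][0-9]*):/gc) {             # byte string
        my ($len, $start) = ($1, pos($$buf));
        die "string overruns input\n" if $len > length($$buf) - $start;
        $$pos = $start + $len;
        return substr($$buf, $start, $len);
    }
    if ($$buf =~ /\G([ld])/gc) {                       # list or dict
        my ($type, @items) = ($1);
        $$pos = pos($$buf);
        while (substr($$buf, $$pos, 1) ne 'e') {
            die "unterminated container\n" if $$pos >= length $$buf;
            push @items, _decode($buf, $pos, $depth + 1);
        }
        $$pos++;                                       # consume 'e'
        return \@items if $type eq 'l';
        die "malformed dict\n"                         # odd count or non-string key
            if @items % 2 or grep { ref $items[$_] } grep { !($_ % 2) } 0 .. $#items;
        return {@items};
    }
    die "invalid bencode at offset $$pos\n";
}

# Constructed inputs: a small torrent-like dict and a 150,000-deep list.
my $ok  = bdecode('d4:infod6:lengthi42e4:name3:fooee');
my $bad = ('l' x 150_000) . ('e' x 150_000);
print "ok: name=$ok->{info}{name}\n";
print "rejected: $@" unless eval { bdecode($bad); 1 };
```

The nested input is rejected at level 65, after only a few dozen stack frames, so memory use stays flat regardless of how deep the attacker nests.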
Affected Version(s)
Net::BitTorrent 0 <= 2.0.1
