Remote Code Execution in Web::Passwd CGI Application by EVANK
CVE-2026-8500

Currently unrated

Key Information:

Vendor: Evank
Status: Web::passwd
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-8500?

Web::Passwd, a CGI application for managing htpasswd files, contains a vulnerability that allows for remote code execution due to improper user input validation. The application fails to escape or validate the 'user' parameter, which is utilized as an unfiltered command line argument. This oversight enables attackers to execute arbitrary commands on the server, potentially leading to unauthorized access or system compromise.

Affected Version(s)

Web::Passwd 0 <= 0.03

References

https://metacpan.org/release/EVANK/Web-Passwd-0.03

https://httpd.apache.org/docs/current/programs/htpasswd.html

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-8500 Data

JSON

Evank

What is CVE-2026-8500?

Affected Version(s)

References

Timeline