CVE Catalog

CVE-2026-11373

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Newlines are not removed from metric names, allowing for these injections.

Risk Assessment

Organizations may be exposed to data manipulation of metrics, potentially leading to false analyses and reports.

Recommendation

It is recommended to upgrade to the latest version of Net::Statsite::Client to eliminate the possibility of metric injections.

Original NVD description (English source)

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS