CVE-2026-8500
CriticalSummary
Web::Passwd versions through 0.03 for Perl is vulnerable to remote code execution (RCE). This application is used for managing htpasswd files, and the user parameter is not validated or escaped, allowing for command injection.
Risk Assessment
Exploitation of this vulnerability could lead to remote execution of arbitrary code on the server, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to update Web::Passwd to the latest version that fixes this vulnerability and to implement additional validation and security mechanisms for user parameters.
Original NVD description (English source)
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.

