CVE Catalog

CVE-2026-8722

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. Metric names are not checked for newlines, colons, or pipes, allowing for the injection of additional metrics from untrusted sources.

Risk Assessment

Organizations may be exposed to data manipulation, leading to incorrect analyses and decisions based on false information.

Recommendation

It is recommended to upgrade to the latest version of Net::Async::Statsd::Client to minimize the risk of metric injection.

Original NVD description (English source)

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS