CVE-2026-8722
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. Metric names are not checked for newlines, colons, or pipes, allowing for the injection of additional metrics from untrusted sources.
Risk Assessment
Organizations may be exposed to data manipulation, leading to incorrect analyses and decisions based on false information.
Recommendation
It is recommended to upgrade to the latest version of Net::Async::Statsd::Client to minimize the risk of metric injection.
Original NVD description (English source)
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

