CVE-2026-9698
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
A vulnerability in the DBI library for Perl before version 1.648 causes a buffer overflow when saving error messages. The issue occurs when RaiseError, PrintError, or HandleError options are enabled, and an attacker can influence the error text.
Risk Assessment
An attacker can exploit this buffer overflow to cause application crashes or potentially execute arbitrary code in the context of the process.
Recommendation
Immediately update the DBI library to version 1.648 or later, which includes a fix that limits the length of saved error messages.
Original NVD description (English source)
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

