Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-46720: Net::Statsd::Tiny for Perl allows malicious metric injection

CVE-2026-46720

Summary

If you're using an old version of Net::Statsd::Tiny for Perl, an attacker could inject malicious data into your metrics. This could lead to incorrect or misleading data. Update to version 0.3.8 or later to fix this issue.

Original title

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources...

Original description

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.

The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Vulnerability type

CWE-93

https://github.com/robrwo/Net-Statsd-Tiny/commit/06f814f52fbcc0b2afddf7a2d6f8137...
https://metacpan.org/release/RRWO/Net-Statsd-Tiny-v0.3.8/changes
https://www.cve.org/CVERecord?id=CVE-2026-46719

Published: 17 May 2026 · Updated: 24 May 2026 · First seen: 17 May 2026