Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-8500: Web::Passwd for Perl allows unauthorized command execution.
CVE-2026-8500
Summary
The Web::Passwd Perl module has a security flaw that allows hackers to execute unauthorized commands on a server. This can lead to unauthorized access to sensitive data or the takeover of the server. Update to a fixed version of Web::Passwd to protect your system.
Original title
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.
Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.
The user parameter is not validated...
Original description
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.
Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.
The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.
Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.
The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.
Vulnerability type
CWE-78
OS Command Injection
Published: 13 May 2026 · Updated: 28 May 2026 · First seen: 14 May 2026