CVE-2026-45180

Summary

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids.

If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.

Affected Software

VendorProductVersion RangeStatus
RRWOCatalyst::Plugin::Statsd0 <= 0.10.0affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

Workarounds

Use a statsd daemon on the same host or through a secure communications channel.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References