CVE-2026-45191

Summary

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.

Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value.

See also CVE-2026-45190.

Affected Software

VendorProductVersion RangeStatus
STIGTSPNet::CIDR::Lite0 < 0.24affected

Weaknesses

  • CWE-1289: CWE-1289 Improper Validation of Unsafe Equivalence in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References