CVE-2026-49940

Summary

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks.

Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks.

Affected Software

VendorProductVersion RangeStatus
RRWONet::CIDR::Set0 <= 0.20affected

Weaknesses

  • CWE-1289: CWE-1289 Improper Validation of Unsafe Equivalence in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References