CVE-2026-8722

Summary

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections.

The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Affected Software

VendorProductVersion RangeStatus
TEAMNet::Async::Statsd::Client0 <= 0.005affected

Weaknesses

  • CWE-93: CWE-93 Improper Neutralization of CRLF Sequences
  • CWE-150: CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

Workarounds

Ensure only trusted data is submitted to metrics.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References