Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2026-8722

CVE-2026-8722

MEDIUM6.5

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

Published Jun 3, 2026

Modified 3 days ago

Details

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections.

The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

References

https://www.cve.org/CVERecord?id=CVE-2026-46719

https://www.cve.org/CVERecord?id=CVE-2026-46720

https://www.cve.org/CVERecord?id=CVE-2026-8722

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

NoneA:N

6.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedJun 3, 2026

ModifiedJun 19, 2026

CVE-2026-8722 | Mondoo Vulnerability Intelligence