CVE-2026-46720

High

Published: 17 May 2026

Published

17 May 2026

Modified

18 May 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

EPSS Score 0.0001 1.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-46720 is a high-severity CRLF Injection (CWE-93) vulnerability. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-93

Affected Products

—

Tiny

inferred from references and description; NVD did not file a CPE for this CVE

References

https://github.com/robrwo/Net-Statsd-Tiny/commit/06f814f52fbcc0b2afddf7a2d6f8137fd3cede13.patch
9b29abf9-4ab0-4765-b253-1875cd9b441e
https://metacpan.org/release/RRWO/Net-Statsd-Tiny-v0.3.8/changes
9b29abf9-4ab0-4765-b253-1875cd9b441e
https://www.cve.org/CVERecord?id=CVE-2026-46719
9b29abf9-4ab0-4765-b253-1875cd9b441e