Skip to main content

Perl DBI CVE-2026-14740

CRITICAL
Out-of-bounds Read (CWE-125)
2026-07-07 CPANSec
Critical
Disputed · 9.1 Vendor: CPANSec
Share

Severity by source

Sources disagree (Medium–Critical)
Vendor (CPANSec) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
4.8 MEDIUM

AC:H because it needs comment-leading SQL reaching preparse() and a hardened build to fault; C:L (one nondeterministic byte, not H) and A:L (crash only on hardened builds).

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Red Hat
5.0 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: CPANSec

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 08, 2026 - 14:24 vuln.today
CVSS changed
Jul 08, 2026 - 14:22 NVD
9.1 (CRITICAL)
CVE Published
Jul 07, 2026 - 22:05 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.

The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.

AnalysisAI

Out-of-bounds read in the Perl DBI module's preparse() SQL-normalisation routine allows an attacker who controls SQL passed to the method (where the statement begins with a comment line) to trigger a one-byte read past a buffer, in all DBI releases before 1.650. On memory-hardened builds this faults and crashes the process (availability impact); on normal builds it produces nondeterministic newline retention. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach app endpoint using DBI preparse
Delivery
Submit SQL starting with a comment line
Exploit
Trigger one-byte out-of-bounds read in normalisation
Execution
Fault on hardened build
Impact
Worker process crash / denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target application calls DBI's preparse() method on SQL whose content the attacker can influence, AND that the supplied SQL statement begins with an initial SQL comment line - that leading-comment condition is the exact trigger stated in the description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict sharply and warrant scepticism of the headline 9.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An application exposes an endpoint that forwards user-supplied SQL (or SQL assembled from user input) into DBI's preparse() for normalisation. An attacker submits a statement beginning with a comment line (e.g. …
Remediation Vendor-released patch: DBI 1.650 - upgrade the Perl DBI module to 1.650 or later from CPAN (cpan DBI or via your OS/vendor package channel); the upstream fix is commit fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01 (https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01.patch) referenced in advisory GHSA-35f4-f8m9-w8xg. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems and applications using Perl DBI and assess which receive SQL input from untrusted sources (users, external APIs, or logs). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected

Share

CVE-2026-14740 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy