Skip to main content

DBD::File CVE-2026-15392

| EUVDEUVD-2026-43727 HIGH
Path Traversal (CWE-22)
2026-07-14 CPANSec
7.7
CVSS 3.1 · Vendor: CPANSec
Share

Severity by source

Vendor (CPANSec) PRIMARY
7.7 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
7.1 HIGH

Local vector requiring symlink placement in the data directory or control of table names implies PR:L; high confidentiality and integrity from arbitrary file read/write, no availability impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (CPANSec).

CVSS VectorVendor: CPANSec

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Source Code Evidence Fetched
Jul 15, 2026 - 16:30 vuln.today
Analysis Generated
Jul 15, 2026 - 16:30 vuln.today
CVSS changed
Jul 15, 2026 - 14:22 NVD
7.7 (HIGH)
CVE Published
Jul 14, 2026 - 15:34 cve.org
HIGH 7.7
CVE Published
Jul 14, 2026 - 15:34 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location.

The complete_table_name method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at any path outside of the configured f_dir and f_dir_search directories.

Callers of file-based drivers can read or write files outside of the data directory.

AnalysisAI

Arbitrary file read/write in Perl's DBD::File before 1.651 lets callers of file-based DBI drivers escape the configured data directory via a symbolic link placed inside it. Because the complete_table_name method resolved the absolute table-file path without validating whether the entry was a symlink, a link within f_dir could point to any path on the filesystem, breaking the directory sandbox for both reads and writes. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain write access to f_dir data directory
Delivery
Plant symlink named as a table pointing outside f_dir
Exploit
Trigger driver query via file-based DBD
Execution
complete_table_name follows unvalidated symlink
Impact
Read or write file outside data directory

Vulnerability AssessmentAI

Exploitation Exploitation requires the use of a file-based DBI driver built on DBD::File (e.g. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, 7.7 High) reflects local access with high confidentiality and integrity impact and no availability impact, which matches a data-directory sandbox escape. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can write into a DBD::File data directory (or influence the table name a file-driver application opens) plants a symbolic link named like a table that points to a sensitive file such as /etc/passwd or an application config outside f_dir. When the application performs a SELECT or INSERT against that 'table,' DBD::File follows the link and reads or overwrites the external file with the process's privileges. …
Remediation Vendor-released patch: upgrade DBI/DBD::File to version 1.651 or later, which adds an explicit symlink check in complete_table_name (commit 96d62dfe4528bf56fe13f413ed323d4252531728); this is the primary fix and is documented in advisory GHSA-mh3j-xwf4-jrqw and the release notes at https://metacpan.org/release/HMBRAND/DBI-1.651/changes. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all production and critical systems running Perl DBD::File and verify their network accessibility and data sensitivity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15392 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy