Skip to main content

Suse CVE-2026-45191

| EUVD-2026-28999 MEDIUM
Improper Validation of Unsafe Equivalence in Input (CWE-1289)
2026-05-10 CPANSec GHSA-fw62-67j2-4wmc
Authentication Bypass Suse
6.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

5
Source Code Evidence Fetched
May 11, 2026 - 20:30 vuln.today
Analysis Generated
May 11, 2026 - 20:30 vuln.today
CVSS changed
May 11, 2026 - 18:22 NVD
6.5 (None) 6.5 (MEDIUM)
CVE Published
May 10, 2026 - 20:15 nvd
MEDIUM 6.5
CVE Published
May 10, 2026 - 20:15 nvd
UNKNOWN (no severity yet)

DescriptionNVD

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.

Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value.

See also CVE-2026-45190.

AnalysisAI

Net::CIDR::Lite before version 0.24 accepts CIDR mask values with extraneous leading zeros (such as '/00' or '/01'), causing them to parse identically to their unpadded equivalents ('/0' or '/1'). This permits attackers to bypass IP-based access control lists by supplying alternate representations of the same network prefix, potentially granting unauthorized access to restricted resources. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-9256 HIGH
8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Share

CVE-2026-45191 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy