What is the CVSS score of CVE-2026-46740?

CVE-2026-46740 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Mojolicious::Plugin::Statsd CVE-2026-46740

MEDIUM

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)

2026-05-26 9b29abf9-4ab0-4765-b253-1875cd9b441e

Code Injection

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 28, 2026 - 18:31 vuln.today

Analysis Generated

May 28, 2026 - 18:31 vuln.today

CVSS changed

May 28, 2026 - 16:22 NVD

5.3 (MEDIUM)

CVE Published

May 26, 2026 - 23:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.

The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).

AnalysisAI

Metric injection in Mojolicious::Plugin::Statsd through version 0.04 for Perl allows remote unauthenticated attackers to inject arbitrary statsd metrics by supplying crafted values containing newlines, colons, or pipe characters - the delimiters of the statsd wire protocol. Applications that pass untrusted input directly into metric names or set values are affected. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-46740 vulnerability details – vuln.today

Back

Mojolicious::Plugin::Statsd CVE-2026-46740

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code