CWE-1395

Dependency on Vulnerable Third-Party Component

1 CVEs Avg CVSS 9.8 MITRE

1

CRITICAL

0

HIGH

0

MEDIUM

0

LOW

0

POC

0

KEV

Monthly

CVE-2026-4176 CRITICAL PATCH NEWS Act Now

Perl versions 5.9.4-5.40.3, 5.41.0-5.42.1, and 5.43.0-5.43.8 bundle a vulnerable version of Compress::Raw::Zlib that inherits multiple information-disclosure vulnerabilities from a vendored zlib library, including CVE-2026-27171. Affected users running these Perl versions can experience data exposure through the bundled compression module. Vendor patches are available in Perl 5.40.4, 5.42.2, and 5.43.9 via Compress::Raw::Zlib 2.221.

Information Disclosure

NVD GitHub VulDB

CVSS 3.1

9.8

EPSS

0.0%

CVE-2026-4176

EPSS 0% CVSS 9.8

CRITICAL PATCH Act Now

Perl versions 5.9.4-5.40.3, 5.41.0-5.42.1, and 5.43.0-5.43.8 bundle a vulnerable version of Compress::Raw::Zlib that inherits multiple information-disclosure vulnerabilities from a vendored zlib library, including CVE-2026-27171. Affected users running these Perl versions can experience data exposure through the bundled compression module. Vendor patches are available in Perl 5.40.4, 5.42.2, and 5.43.9 via Compress::Raw::Zlib 2.221.

Information Disclosure

NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy