Skip to main content

Suse EUVDEUVD-2026-28999

| CVE-2026-45191 MEDIUM
Improper Validation of Unsafe Equivalence in Input (CWE-1289)
2026-05-10 CPANSec GHSA-fw62-67j2-4wmc
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

5
Source Code Evidence Fetched
May 11, 2026 - 20:30 vuln.today
Analysis Generated
May 11, 2026 - 20:30 vuln.today
CVSS changed
May 11, 2026 - 18:22 NVD
6.5 (None) 6.5 (MEDIUM)
CVE Published
May 10, 2026 - 20:15 nvd
MEDIUM 6.5
CVE Published
May 10, 2026 - 20:15 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.

Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value.

See also CVE-2026-45190.

AnalysisAI

Net::CIDR::Lite before version 0.24 accepts CIDR mask values with extraneous leading zeros (such as '/00' or '/01'), causing them to parse identically to their unpadded equivalents ('/0' or '/1'). This permits attackers to bypass IP-based access control lists by supplying alternate representations of the same network prefix, potentially granting unauthorized access to restricted resources. The vulnerability affects all Perl installations using vulnerable versions of this library and is rated with CVSS 6.5 (moderate integrity and availability impact). No active exploitation has been confirmed by CISA, but the flaw is automatable and exploitable remotely without authentication.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected
SUSE Linux Enterprise Module for Development Tools 15 SP7 Affected

Share

EUVD-2026-28999 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy