EUVD-2026-30668
Files or Directories Accessible to External Parties (CWE-552)
GHSA-5cq6-9f97-wjwx
6.5
CVSS 3.1
Share
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Lifecycle Timeline
3
Analysis Generated
May 18, 2026 - 16:24 vuln.today
CVSS changed
May 18, 2026 - 16:22 NVD
6.5 (MEDIUM)
CVE Published
May 15, 2026 - 22:18 nvd
UNKNOWN (no severity yet)
DescriptionNVD
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
AnalysisAI
File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controlled input reaches the library's key handling routines. The root cause is use of Perl's 2-argument open() form in lib/Crypt/DSA/Key.pm, which interprets leading or trailing special characters in filenames as I/O mode specifiers, enabling reads from or writes to arbitrary files. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).