Skip to main content

Dbd

1 CVEs product

Monthly

CVE-2026-15392 HIGH PATCH This Week

Arbitrary file read/write in Perl's DBD::File before 1.651 lets callers of file-based DBI drivers escape the configured data directory via a symbolic link placed inside it. Because the complete_table_name method resolved the absolute table-file path without validating whether the entry was a symlink, a link within f_dir could point to any path on the filesystem, breaking the directory sandbox for both reads and writes. No public exploit has been identified at time of analysis, and the flaw is not in CISA KEV; a vendor patch (DBI 1.651) is available.

Path Traversal Dbd
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.2%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Arbitrary file read/write in Perl's DBD::File before 1.651 lets callers of file-based DBI drivers escape the configured data directory via a symbolic link placed inside it. Because the complete_table_name method resolved the absolute table-file path without validating whether the entry was a symlink, a link within f_dir could point to any path on the filesystem, breaking the directory sandbox for both reads and writes. No public exploit has been identified at time of analysis, and the flaw is not in CISA KEV; a vendor patch (DBI 1.651) is available.

Path Traversal Dbd
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy