CVE-2026-45191
May 11, 2026, 6:16 p.m.
6.5
Medium
Description
Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.
Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value.
See also CVE-2026-45190.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Perl |
|
|
| Net |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-1289
Improper Validation of Unsafe Equivalence in Input
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | perl | perl | / | / | / | / | / | / | / | / |
| a | net | cidr | lite | <0.24 | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: LOW
- Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Timeline
Published: May 10, 2026, 9:16 p.m.
Last Modified: May 11, 2026, 6:16 p.m.
Last Modified: May 11, 2026, 6:16 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
9b29abf9-4ab0-4765-b253-1875cd9b441e
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.