Vulnerability in Stigtsp Net::cidr::lite

CVE-2026-40198

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2…

EPSS: 0.001 (16.5th percentile) — read the EPSS interpretation.

Affected products

Stigtsp Net::cidr::lite — versions 0

Weakness classification (CWE)

CWE-1286

References

github.com/stigtsp/Net-CIDR-Lite/commit/25d65f85dbe4885959a10471725ec9d250a589c… (patch)
metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/changes (release-notes)
www.cve.org/CVERecord (related)