Vulnerability in Shay Perl

CVE-2026-4176

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and…

EPSS: 0.000 (7.8th percentile) — read the EPSS interpretation.

Affected products

Shay Perl — versions 5.9.4, 5.41.0, 5.43.0

Weakness classification (CWE)

CWE-1395

References

www.cve.org/CVERecord (vendor-advisory, related, vdb-entry)
lists.security.metacpan.org/cve-announce/msg/37638919/ (vendor-advisory)
github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94 (patch)
metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes (release-notes)
metacpan.org/release/SHAY/perl-5.40.4/changes (release-notes)
metacpan.org/release/SHAY/perl-5.42.2/changes (release-notes)