What is CVE-2026-46740?

CVE-2026-46740 is a medium-severity vulnerability in Rrwo Mojolicious::plugin::statsd, classified under CRLF Injection. CVSS score: 5.3/10. Published 2026-05-26.

How severe is CVE-2026-46740?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Rrwo Mojolicious::plugin::statsd

CVE-2026-46740

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd…

Vulnerability class: CRLF Injection

EPSS: 0.000 (4.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Rrwo Mojolicious::plugin::statsd — versions 0

Weakness classification (CWE)

CWE-93 — CRLF Injection

References

9b29abf9-4ab0-4765-b253-1875cd9b441e (patch)
9b29abf9-4ab0-4765-b253-1875cd9b441e (release-notes)
9b29abf9-4ab0-4765-b253-1875cd9b441e (related)

Frequently asked questions

What is CVE-2026-46740?: CVE-2026-46740 is a medium-severity vulnerability in Rrwo Mojolicious::plugin::statsd, classified under CRLF Injection. CVSS score: 5.3/10. Published 2026-05-26.
How severe is CVE-2026-46740?: Medium severity. CVSS v3 base score is 5.3 out of 10.