Resource exhaustion in Sanko Net::bittorrent
CVE-2026-57081
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining b…
Vulnerability class: DoS (Denial of Service)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Sanko Net::bittorrent — versions 0
Weakness classification (CWE)
References
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (vendor-advisory)
Frequently asked questions
- What is CVE-2026-57081?
- CVE-2026-57081 is a high-severity vulnerability in Sanko Net::bittorrent, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-06-30.
- How severe is CVE-2026-57081?
- High severity. CVSS v3 base score is 7.5 out of 10.