Resource exhaustion in Sanko Net::bittorrent

CVE-2026-57081

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining b…

Vulnerability class: DoS (Denial of Service)

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-57081?
CVE-2026-57081 is a high-severity vulnerability in Sanko Net::bittorrent, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-06-30.
How severe is CVE-2026-57081?
High severity. CVSS v3 base score is 7.5 out of 10.