PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-49942 RRWO CVE debrief

CVE-2026-49942 is a HIGH-severity vulnerability in Net::CIDR::Set versions through 0.20 for Perl. The issue arises from the lack of validation for network masks, which could contain Unicode digits or non-digits that are ignored. This oversight could lead to network masks accepting larger networks than intended. Additionally, leading zeros in network masks were accepted but treated as decimal instead of octal, potentially causing confusion about acceptable networks.

Vendor
RRWO
Product
Net::CIDR::Set
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-04
Original CVE updated
2026-06-08
Advisory published
2026-06-04
Advisory updated
2026-06-08

Who should care

Users of Net::CIDR::Set versions through 0.20 for Perl should be aware of this vulnerability, as it could impact network security and configuration.

Technical summary

The Net::CIDR::Set Perl module did not properly validate network masks, allowing for potential security issues. Specifically, the mask portion of a network could contain Unicode digits (e.g., Arabic-Indic One, U+0661) or non-digits, which were ignored. This could result in network masks accepting larger networks than intended. Furthermore, leading zeros in network masks were accepted but interpreted in decimal rather than octal, potentially leading to confusion about which networks are acceptable.

Defensive priority

HIGH

Recommended defensive actions

  • Update to Net::CIDR::Set version 0.21 or later.
  • Review and validate network configurations to ensure they align with intended settings.

Evidence notes

CVE-2026-49942 was published on [cvePublishedAt] and modified on [cveModifiedAt]. The vulnerability has a CVSS score of 7.3 and is considered HIGH severity.

Official resources

CVE-2026-49942 was published on 2026-06-04T17:16:33.283Z and modified on 2026-06-08T16:37:19.450Z.