PatchSiren cyber security CVE debrief
CVE-2026-46741 SANBEG CVE debrief
CVE-2026-46741 is a HIGH severity vulnerability (CVSS 7.5) in Etsy::StatsD versions through 1.002002 for Perl. Metric names and values are not checked for newlines, colons, or pipes, so metrics generated from untrusted sources could inject additional statsd metrics.
- Vendor: SANBEG
- Product: Etsy::StatsD
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-08
Who should care
Users of Etsy::StatsD versions through 1.002002 for Perl should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The Etsy::StatsD library for Perl does not properly sanitize metric names and values, allowing for potential metric injections. This could lead to unauthorized metric creation or modification.
Defensive priority
HIGH
Recommended defensive actions
- Update to a version of Etsy::StatsD that checks for and prevents metric injections.
- Validate and sanitize all metric names and values from untrusted sources.
- Monitor statsd metrics for anomalies that could indicate an injection attack.
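One way to carry out the validation step in the calling code, as an added example that is not code from Etsy::StatsD or from this advisory. The allowed alphabet, the length limits and the sub names `safe_metric_name`, `safe_metric_value` and `scrub_segment` are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# A StatsD line is "name:value|type", one metric per line, so a newline,
# ':' or '|' inside a name or value changes how the receiver parses it.
# Assumed policy (not from the advisory): names use letters, digits,
# '_', '-', '.' and are at most 200 characters; values are plain decimals.
# \A and \z are used instead of ^ and $ because $ also matches just
# before a trailing newline, which would let "name\n" through.
my $NAME_RE  = qr/\A[A-Za-z0-9_.-]{1,200}\z/;
my $VALUE_RE = qr/\A[+-]?(?:[0-9]+(?:\.[0-9]*)?|\.[0-9]+)\z/;

# Return the name unchanged if it matches the policy, otherwise undef.
sub safe_metric_name {
    my ($name) = @_;
    return (defined $name && $name =~ $NAME_RE) ? $name : undef;
}

# Return the value unchanged if it is a plain decimal, otherwise undef.
sub safe_metric_value {
    my ($value) = @_;
    return (defined $value && $value =~ $VALUE_RE) ? $value : undef;
}

# For one name segment taken from untrusted data (a hypothetical route or
# tenant label): map everything outside the alphabet to '_' and cap the
# length. '.' is excluded so the segment cannot add hierarchy levels.
sub scrub_segment {
    my ($segment) = @_;
    (my $clean = $segment // '') =~ s/[^A-Za-z0-9_-]/_/g;
    return length($clean) ? substr($clean, 0, 64) : 'unknown';
}

# Constructed sample inputs; only accepted pairs should reach the client.
my @samples = (
    [ 'web.login.ok',               '1'     ],
    [ "web.login.ok\n",             '1'     ],   # trailing newline
    [ "web.x:1|c\nbilling.refunds", '1'     ],   # delimiters inside the name
    [ 'web.latency',                '12|ms' ],   # delimiter inside the value
);
for my $sample (@samples) {
    my ($name, $value) = @$sample;
    my $ok = defined(safe_metric_name($name)) && defined(safe_metric_value($value));
    (my $shown = "$name => $value") =~ s/\n/\\n/g;
    printf "%-6s %s\n", ($ok ? 'accept' : 'reject'), $shown;
}
print 'scrubbed: web.route.', scrub_segment("a/b\nc:1|c"), "\n";
```

Rejecting is the safer default for whole names and values; scrubbing suits a single label that has to be kept for grouping.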
Evidence notes
The CVE record and NVD detail provide evidence of the vulnerability and its potential impact.
Official resources
- CVE-2026-46741 CVE record (CVE.org)
- CVE-2026-46741 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (9b29abf9-4ab0-4765-b253-1875cd9b441e - Third Party Advisory)
CVE-2026-46741 was published on 2026-06-04T17:16:32.790Z and last modified on 2026-06-08T16:33:05.893Z.