Review
SHLOMIF
CVE published 2026-06-14
CVE-2026-11527
CVE-2026-11527 is a vulnerability in Config::IniFiles versions before 3.001000 for Perl. The vulnerability allows for OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. This occurs because Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open(), allowing a filename that begins or ends with a pipe ( '| cmd', 'cmd |' ) or begin [truncated]