CVE-2026-14740
Last modified
CVE-2026-14740 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Perl | Dbi | < 1.650 |
References
- http://www.openwall.com/lists/oss-security/2026/07/07/17Mailing List, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-14740?
How severe is CVE-2026-14740?
How do I fix CVE-2026-14740?
Related CVEs from 2026
- CVE-2026-14735A vulnerability has been found in code-projects Smart Parkin…7.3
- CVE-2026-14736A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.…7.3
- CVE-2026-14737A vulnerability was identified in Hanwang e-Face General Man…7.3
- CVE-2026-14738A security flaw has been discovered in exo-explore exo up to…3.7
- CVE-2026-14739DBI versions before 1.650 for Perl have a heap overflow when…9.8
- CVE-2026-1474An out-of-band SQL injection vulnerability (OOB SQLi) has be…7.5
- CVE-2026-14742A vulnerability was determined in langchain-ai langgraph up …3.1
- CVE-2026-14743A vulnerability was identified in code-projects Real State S…7.3
- CVE-2026-14744A security flaw has been discovered in code-projects Real St…7.3
- CVE-2026-14745A weakness has been identified in code-projects Real State S…7.3
- CVE-2026-14746A security vulnerability has been detected in code-projects …7.3
- CVE-2026-14747A vulnerability was detected in code-projects Real State Ser…7.3
Are you affected by CVE-2026-14740?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
