CVE-2026-46741
Last modified
CVE-2026-46741 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sanbeg | Etsy\ | <= 1.002002 | Statsd |
References
- https://www.cve.org/CVERecord?id=CVE-2026-46719Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-46720Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-46741?
How severe is CVE-2026-46741?
How do I fix CVE-2026-46741?
Are you affected by CVE-2026-46741?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST