CVE-2026-45191

Published May 10th, 2026

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190.

stigtsp/Net-CIDR-Lite

Perl extension for merging IPv4 or IPv6 CIDR addresses

GitHub