CVE-2026-45180 | THREATINT

Description

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.

PUBLISHED Reserved 2026-05-09 | Published 2026-05-10 | Updated 2026-05-10 | Assigner CPANSec

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

Product status

Default status

unaffected

Any version

affected

References

github.com/...Statsd/security/advisories/GHSA-gjvr-hq83-fc38 vendor-advisory

metacpan.org/.../RRWO/Catalyst-Plugin-Statsd-v0.10.0/changes release-notes

www.cve.org/CVERecord?id=CVE-2026-45179 related

github.com/...Statsd/security/advisories/GHSA-9gwm-665p-w2xx related

cve.org (CVE-2026-45180)

nvd.nist.gov (CVE-2026-45180)

Download JSON