ALPINE-CVE-2026-11527
- Source
- https://security.alpinelinux.org/vuln/CVE-2026-11527
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-11527.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-11527
- Upstream
- Published
- 2026-06-14T12:16:23.357Z
- Modified
- 2026-06-19T14:30:06.939680085Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in makefilehandle.
Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or ends with a pipe ("| cmd", "cmd |") or begins with a redirect ("> path", ">> path") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file => $thing) reaches it through ReadConfig. An in-memory scalar reference (-file => \$text) does not open a path and is unaffected.
Any caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID.
- References
Affected packages
Alpine:v3.21 / perl-config-inifiles
Package
- Name
- perl-config-inifiles
- Purl
- pkg:apk/alpine/perl-config-inifiles?arch=source
Alpine:v3.22 / perl-config-inifiles
Package
- Name
- perl-config-inifiles
- Purl
- pkg:apk/alpine/perl-config-inifiles?arch=source
Alpine:v3.23 / perl-config-inifiles
Package
- Name
- perl-config-inifiles
- Purl
- pkg:apk/alpine/perl-config-inifiles?arch=source