ALPINE-CVE-2026-4176

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2026-4176

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4176.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-4176

Upstream

CVE-2026-4176

Published

2026-03-29T21:16:15.717Z

Modified

2026-04-02T23:32:25.687936Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.

Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

References

https://security.alpinelinux.org/vuln/CVE-2026-4176

Affected packages

Alpine:v3.23 / perl

Package

Name: perl
Purl: pkg:apk/alpine/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4176.json"