ALPINE-CVE-2026-45191

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2026-45191
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-45191.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-45191
Upstream
  • CVE-2026-45191
Published
2026-05-10T21:16:29.380Z
Modified
2026-06-15T18:18:11.249516881Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.

Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value.

See also CVE-2026-45190.

References

Affected packages

Alpine:v3.24 / perl-net-cidr-lite

Package

Name
perl-net-cidr-lite
Purl
pkg:apk/alpine/perl-net-cidr-lite?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.24-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-45191.json"