CVE-2026-11527

Source
https://cve.org/CVERecord?id=CVE-2026-11527
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11527.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-11527
Downstream
Related
Published
2026-06-14T11:40:45.634Z
Modified
2026-07-08T07:01:38.908894954Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle
Details

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in makefilehandle.

Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or ends with a pipe ("| cmd", "cmd |") or begins with a redirect ("> path", ">> path") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file => $thing) reaches it through ReadConfig. An in-memory scalar reference (-file => \$text) does not open a path and is unaffected.

Any caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11527.json",
    "cna_assigner": "CPANSec",
    "cwe_ids": [
        "CWE-73",
        "CWE-78"
    ]
}
References

Affected packages

Git / github.com/shlomif/perl-config-inifiles

Affected ranges

Type
GIT
Repo
https://github.com/shlomif/perl-config-inifiles
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.001000"
        }
    ]
}

Affected versions

releases/2.*
releases/2.80
releases/2.81
releases/2.82
releases/2.83
releases/2.84
releases/2.85
releases/2.86
releases/2.87
releases/2.88
releases/2.89
releases/2.90
releases/2.91
releases/2.92
releases/2.93
releases/2.94
releases/2.95
releases/2.96
releases/2.97
releases/2.98
releases/2.99
releases/3.*
releases/3.000000
releases/3.000001
releases/3.000002
releases/3.000003

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11527.json"