CVE-2026-45179
IP Address Leak in Plack Middleware Statsd
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: CPANSec
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| robrwo | plack_middleware_statsd | all versions before 0.9.0 (0.9.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45179 affects versions of Plack::Middleware::Statsd prior to 0.9.0. It concerns the potential leakage of sensitive information, specifically users' IP addresses, when the communication channel to the statsd daemon is unsecured, for example UDP packets sent over an unprotected network.
In the affected versions, client IP addresses are sent to statsd as-is, which can expose them to anyone able to observe that traffic. Starting with version 0.9.0, IP addresses are no longer logged by default, and if logging is configured, an HMAC signature of the IP address is sent instead so that the plaintext address never leaves the application.
How can this vulnerability impact me?
This vulnerability can lead to the exposure of users' IP addresses if the communication channel to the statsd daemon is not secured. Such exposure can compromise user privacy and potentially allow attackers to track or identify users based on their IP information.
Since the IP addresses are transmitted in cleartext in affected versions, attackers who can intercept the network traffic may obtain this sensitive information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for unsecured communication channels to the statsd daemon, especially UDP packets sent over unprotected networks that may contain user IP addresses in plaintext.
You can use network packet capture tools such as tcpdump or Wireshark to inspect UDP traffic to the statsd daemon and check if user IP addresses are being transmitted in cleartext.
- Use tcpdump to capture UDP packets to the statsd server: `sudo tcpdump -i <interface> udp and host <statsd_server_ip>`
- Analyze captured packets with Wireshark to look for user IP addresses sent in plaintext.
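The inspection step above can be automated once the captured UDP payloads have been exported as text. The following Python script is an added example for this record, not code from Plack::Middleware::Statsd or from the vulnerability database; the sample payloads, the metric names and the `#tag:value` layout (DogStatsD-style tags) are constructed assumptions rather than the module's actual wire format. It flags any payload that carries a syntactically valid IPv4 or IPv6 address in cleartext.

```python
"""Scan statsd payloads for client IP addresses sent in cleartext.

Added example for this CVE record; it is not code from Plack::Middleware::Statsd
or from the vulnerability database. The sample payloads, metric names and the
"#tag:value" layout are constructed assumptions (DogStatsD-style tags), not the
module's actual wire format. Payloads can come from a tcpdump/Wireshark export
of UDP traffic to the statsd daemon.
"""
import ipaddress
import re

# Dotted-quad candidates anywhere in a payload (metric names, tag values, ...).
_IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# statsd separators that never occur inside an address: field '|', tag '#',
# tag list ',', sample rate '@', key/value '=' and whitespace. ':' is NOT a
# separator here because IPv6 addresses contain it.
_TOKEN_SPLIT = re.compile(r"[|#,=@\s]+")


def find_plaintext_ips(payload):
    """Return the IP addresses found in one statsd payload, IPv4 first, then IPv6.

    Heuristic: version-like strings such as "1.2.3.4" are reported too, so treat
    hits as leads to inspect, not proof on their own.
    """
    found = []
    for match in _IPV4_RE.finditer(payload):
        try:
            found.append(str(ipaddress.IPv4Address(match.group(0))))
        except ValueError:
            pass  # e.g. 999.1.1.1 is not a valid address
    for token in _TOKEN_SPLIT.split(payload):
        # Peel "name:" prefixes one at a time so that the tag
        # "client_ip:2001:db8::1" yields the address that follows the tag name.
        while token:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                _, sep, token = token.partition(":")
                if not sep:
                    break
                continue
            if addr.version == 6:  # IPv4 hits were already collected above
                found.append(str(addr))
            break
    return found


def leaking_payloads(payloads):
    """Return (payload, [ips]) for every payload that carries at least one address."""
    hits = []
    for payload in payloads:
        ips = find_plaintext_ips(payload)
        if ips:
            hits.append((payload, ips))
    return hits


# Constructed sample capture: two lines leak a client address, two do not.
SAMPLE_PAYLOADS = [
    "psgi.request.count:1|c|#client_ip:203.0.113.42",
    "psgi.response.time:12|ms",
    "psgi.request.count:1|c|#client_ip:2001:db8::1",
    "psgi.worker.restart:1|c|@0.5",
]

if __name__ == "__main__":
    for payload, ips in leaking_payloads(SAMPLE_PAYLOADS):
        print(f"LEAK {ips} in {payload!r}")
```

Run it against the decoded payloads of the capture (one statsd message per line) and review every reported line; a hit on a version-like tag value is a false positive, while a hit on a per-request metric is the cleartext exposure this record describes.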
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade Plack::Middleware::Statsd to version 0.9.0 or later, where IP addresses are no longer logged in plaintext.
If upgrading is not immediately possible, ensure that the communication channel to the statsd daemon is secured, for example by avoiding sending UDP packets over untrusted networks.
Additionally, once on version 0.9.0 or later, leave IP logging disabled unless it is needed; if it is, configure the middleware to log an HMAC signature of the IP address instead of the plaintext IP address to prevent sensitive information leakage.
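To make the HMAC approach concrete, here is an added Python example written for this record; it illustrates the idea the record attributes to 0.9.0 and later (an HMAC of the address is emitted instead of the address) and is not code from Plack::Middleware::Statsd. The function names, the `#client:` tag layout and the 16-character truncation are assumptions, and `DEMO_KEY` is a constructed placeholder for a secret that a real deployment loads from configuration.

```python
"""Pseudonymise a client IP with a keyed HMAC before it reaches statsd.

Added example for this CVE record, written in Python to illustrate the
approach the record describes for 0.9.0 and later (an HMAC of the address
instead of the address itself); it is not code from Plack::Middleware::Statsd,
and the function names, the tag layout and the truncation length are
assumptions. DEMO_KEY is a constructed placeholder: a real deployment loads the
key from configuration and never from source code.
"""
import hashlib
import hmac
import ipaddress

DEMO_KEY = b"constructed-demo-key-replace-from-config"


def pseudonymize_ip(ip, key, tag_len=16):
    """Return a stable pseudonym for one client address under `key`.

    The address is canonicalised first so that spellings of the same address
    ("2001:DB8::1", "2001:db8:0:0:0:0:0:1") map to the same pseudonym. A keyed
    HMAC rather than a bare hash matters because IPv4 has only 2**32 values:
    an unkeyed SHA-256 of every address is cheap to precompute and reverse,
    whereas reversing the HMAC requires the key. Truncating to tag_len hex
    characters keeps metric tag cardinality bounded while staying unique enough
    for counting distinct clients.
    """
    canonical = str(ipaddress.ip_address(ip.strip()))
    digest = hmac.new(key, canonical.encode("ascii"), hashlib.sha256).hexdigest()
    return digest[:tag_len]


def statsd_line(metric, value, kind, client_ip, key=DEMO_KEY):
    """Build a DogStatsD-style line carrying the pseudonym, never the address."""
    return f"{metric}:{value}|{kind}|#client:{pseudonymize_ip(client_ip, key)}"


def contains_plaintext(line, client_ip):
    """Defensive self-check: True if the original address survived into the line."""
    return str(ipaddress.ip_address(client_ip)) in line


if __name__ == "__main__":
    ip = "203.0.113.42"  # constructed client address (documentation range)
    line = statsd_line("psgi.request.count", 1, "c", ip)
    print(line)
    print("plaintext leaked:", contains_plaintext(line, ip))
```

The pseudonym still lets the metrics backend count distinct clients and correlate requests from one client, which is usually all a metrics pipeline needs; rotating the key periodically limits how long such correlation remains possible.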