CVE-2026-45180
Received - Intake
Session ID Leak in Catalyst::Plugin::Statsd

Publication date: 2026-05-10

Last updated on: 2026-05-10

Assigner: CPANSec

Description
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.
Meta Information
Published: 2026-05-10
Last Modified: 2026-05-10
Generated: 2026-06-20
AI Q&A: 2026-05-11
EPSS Evaluated: 2026-06-19
Affected Vendors & Products
Showing 1 associated CPE
Vendor     Product   Version / Range
catalyst   plugin    to 0.10.0 (inc)
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Executive Summary

The vulnerability exists in Catalyst::Plugin::Statsd versions through 0.10.0 for Perl, where session IDs may be leaked.

If the communication channel to the statsd daemon is not secured, such as when UDP packets are sent to a host on another network, an attacker may be able to intercept these session IDs.

Leaked session IDs can be used by attackers as authentication tokens, potentially allowing unauthorized access.

Impact Analysis

This vulnerability can lead to session ID leakage if the communication to the statsd daemon is not properly secured.

An attacker who obtains these session IDs could impersonate legitimate users by using the session IDs as authentication tokens.

This could result in unauthorized access to user accounts or sensitive information.

Compliance Impact

The vulnerability in Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session IDs if the communication channel to the statsd daemon is not secured. This leakage could allow attackers to use session IDs as authentication tokens.

Leaking session IDs can lead to unauthorized access to user sessions, which may result in exposure of personal or sensitive data. Such exposure could potentially violate data protection regulations like GDPR or HIPAA, which require safeguarding user authentication and personal information.

Therefore, if exploited, this vulnerability could negatively impact compliance with standards that mandate secure handling of authentication tokens and protection of user data.

Mitigation Strategies

To mitigate the vulnerability, ensure that the communication channel to the statsd daemon is secured.

  • Avoid sending UDP packets to hosts on other networks.
  • Use secure communication methods to prevent session id leakage.