CVE-2026-45191
Received Received - Intake
Net::CIDR::Lite CIDR Mask Validation Bypass

Publication date: 2026-05-10

Last updated on: 2026-05-10

Assigner: CPANSec

Description
Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-10
Last Modified
2026-05-10
Generated
2026-05-11
AI Q&A
2026-05-11
EPSS Evaluated
N/A
NVD
CVE-2026-45191
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1289 The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Net::CIDR::Lite versions before 0.24 for Perl. The issue is that the software does not properly handle extraneous zero characters in CIDR mask values. For example, mask forms like "/00" and "/01" are incorrectly accepted as valid and parse to the same prefix as their unpadded counterparts. This improper validation can lead to an IP Access Control List (ACL) bypass.


How can this vulnerability impact me? :

Because the vulnerability allows IP ACL bypass, an attacker could potentially circumvent network access restrictions that rely on CIDR mask validation. This could lead to unauthorized access to systems or resources that are supposed to be protected by IP-based ACLs.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart