Cyber Posture

CVE-2026-3381

Critical

Published: 05 March 2026
Modified: 18 March 2026
KEV Added: not listed
Patch: available (Compress::Raw::Zlib 2.220)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (10.5th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-3381 is a critical-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in pmqs Compress::Raw::Zlib. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 10.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent, detect)

Mandates establishing a flaw remediation process to monitor for, report, and promptly correct vulnerabilities such as the insecure zlib bundled in Compress::Raw::Zlib versions through 2.219, by upgrading to 2.220.

RA-5 Vulnerability Monitoring and Scanning (detect)

Requires vulnerability monitoring and scanning to identify systems that process data with vulnerable Compress::Raw::Zlib modules and are therefore exposed to remote exploitation.

CM-8 System Component Inventory (detect)

Maintains an inventory of system components and versions, enabling identification of installations running vulnerable Compress::Raw::Zlib through 2.219.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The CVE describes a remotely exploitable RCE vulnerability (CVSS 9.8, no authentication or user interaction required) in a data-processing library used by network-facing applications; this maps directly to exploitation of public-facing applications that ingest untrusted zlib-compressed input.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for CVE-2026-27171.

Deeper analysis

Compress::Raw::Zlib versions through 2.219 for Perl bundle potentially insecure versions of the zlib library, exposing users to vulnerabilities identified in a 7ASecurity audit of zlib. This Perl module includes its own copy of zlib, which in affected versions predates the fixes in zlib 1.3.2. The issue is tracked as CVE-2026-3381 with CWE-1284 and a CVSS v3.1 base score of 9.8, indicating critical severity due to high impacts on confidentiality, integrity, and availability.

Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation can result in high-impact compromise, allowing arbitrary code execution, data tampering, or denial of service on systems processing zlib-compressed data via the affected Compress::Raw::Zlib module.

Advisories recommend upgrading to Compress::Raw::Zlib version 2.220 or later, which integrates zlib 1.3.2 and addresses the 7ASecurity audit findings, including fixes for CVE-2026-27171. Relevant resources include the 7ASecurity blog post on the audit, the zlib GitHub repository and v1.3.2 release notes, a Compress-Raw-Zlib issue tracker entry, and the module's Changes file on MetaCPAN.

Details

CWE(s)

CWE-1284 Improper Validation of Specified Quantity in Input

Affected Products

pmqs Compress::Raw::Zlib (versions through 2.219)

CVEs Like This One

CVE-2025-55398 (shared CWE-1284)
CVE-2026-27384 (shared CWE-1284)
CVE-2026-1092 (shared CWE-1284)
CVE-2025-14513 (shared CWE-1284)
CVE-2026-30573 (shared CWE-1284)
CVE-2026-25345 (shared CWE-1284)
CVE-2021-47827 (shared CWE-1284)
CVE-2023-54337 (shared CWE-1284)
CVE-2026-40093 (shared CWE-1284)
CVE-2024-30516 (shared CWE-1284)
