CVE-2026-46720
High
Published: 17 May 2026
Published
17 May 2026
Modified
18 May 2026
KEV Added
—
Patch
—
CVSS Score v3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS Score
0.0034
26.4th percentile
Summary
CVE-2026-46720 is a high-severity CRLF Injection (CWE-93) vulnerability. Its CVSS base score is 8.2 (High).
Operationally, ranked at the 26.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30706
Vulnerability details
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.Confidence: LOW · MITRE ATT&CK Enterprise v19.0
CVEs Like This One
CVE-2026-50292Shared CWE-93
CVE-2026-39983Shared CWE-93
CVE-2026-39849Shared CWE-93
CVE-2026-1714Shared CWE-93
CVE-2026-8788Shared CWE-93
CVE-2026-6351Shared CWE-93
CVE-2026-39958Shared CWE-93
CVE-2026-41230Shared CWE-93
CVE-2025-28357Shared CWE-93
CVE-2026-34975Shared CWE-93
Affected Assets
—
Tiny
inferred from references and description; NVD did not file a CPE for this CVE
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.