Cyber Resilience

CVE-2026-46720

High

Published: 17 May 2026

Published
17 May 2026
Modified
18 May 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS Score 0.0034 26.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-46720 is a high-severity CRLF Injection (CWE-93) vulnerability. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 26.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-50292Shared CWE-93
CVE-2026-39983Shared CWE-93
CVE-2026-39849Shared CWE-93
CVE-2026-1714Shared CWE-93
CVE-2026-8788Shared CWE-93
CVE-2026-6351Shared CWE-93
CVE-2026-39958Shared CWE-93
CVE-2026-41230Shared CWE-93
CVE-2025-28357Shared CWE-93
CVE-2026-34975Shared CWE-93

Affected Assets

Tiny
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References