CVE-2026-45180

CVE-2026-45180: Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids

Vendor Rrwo
Product Catalyst::Plugin::Statsd
Weakness CWE-319 · Cleartext transmission
Published May 10, 2026
Last update May 12, 2026

CVSS base score

What the vulnerability does

01Description

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.

Key dates

02Disclosure timeline

May 10, 2026 CVE published
May 12, 2026 Record updated