CVE-2026-4176 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 30, 2026
Perl - Undefined
Overview
Perl 5.9.4 < versions < 5.40.4-RC1, 5.41.0 < versions < 5.42.2-RC1, and 5.43.0 < versions < 5.43.9 contain a vulnerability in Compress::Raw::Zlib due to a vendored zlib with multiple vulnerabilities, letting attackers exploit zlib flaws, exploit requires crafted input.
Severity & Score
Impact
Attackers can exploit zlib vulnerabilities to cause potential denial of service or code execution.
Mitigation
Update to Perl version including Compress::Raw::Zlib 2.221 or later.
References
- https://metacpan.org/release/SHAY/perl-5.40.4/changes
- https://metacpan.org/release/SHAY/perl-5.42.2/changes
- https://www.cve.org/CVERecord?id=CVE-2026-3381
- http://www.openwall.com/lists/oss-security/2026/03/30/2
- https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
- https://lists.security.metacpan.org/cve-announce/msg/37638919/
- https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
Social Media Activity(2 posts)
⚠️ CVE-2026-4176 (HIGH): Perl Compress::Raw::Zlib uses a vulnerable zlib, risking memory corruption or code execution. Affects 5.9.4 – 5.43.0. Update to Compress::Raw::Zlib 2.221+ ASAP! https://radar.offseq.com/threat/cve-2026-4176-cwe-1395-dependency-on-vulnerable-th-556b643e #OffSeq #Perl #Vuln #SysAdmin
View original post
⚠️ CVE-2026-4176 (HIGH): Perl Compress::Raw::Zlib uses a vulnerable zlib, risking memory corruption or code execution. Affects 5.9.4 – 5.43.0. Update to Compress::Raw::Zlib 2.221+ ASAP! https://radar.offseq.com/threat/cve-2026-4176-cwe-1395-dependency-on-vulnerable-th-556b643e #OffSeq #Perl #Vuln #SysAdmin
View original postRelated Resources
Details
- CVE ID
- CVE-2026-4176
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- unconfirmed
- EPSS
- 0.9%
- Social Posts
- 2
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H