CVE-2026-8500 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: May 14, 2026
Web::Passwd - Remote Code Execution
Published: May 13, 2026Updated: May 14, 2026Remote Exploitable
Overview
Web::Passwd <= 0.03 for Perl contains a command injection caused by unvalidated user parameter used in command line, letting remote attackers execute arbitrary commands, exploit requires crafted request.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Remote attackers can execute arbitrary commands on the server, potentially leading to full system compromise.
Mitigation
Update to the latest version or apply patches that validate and escape user input.
References
Related Resources
Details
- CVE ID
- CVE-2026-8500
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- command_injection
- Status
- rejected
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H