Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-10T20:15:24 Net::CIDR::Lite: perl: Net::CIDR::Lite: IP ACL bypass due to improper input validation 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CWE-1287

A flaw was found in Net::CIDR::Lite, a Perl module for handling IP address ranges. This vulnerability allows a remote attacker to bypass IP Access Control Lists (ACLs) due to improper validation of IP address and CIDR (Classless Inter-Domain Routing) mask inputs. Specifically, inputs containing trailing newlines or non-ASCII digit characters are incorrectly processed, leading to a mismatch between the intended and actual IP addresses. This can cause functions like `find()` and `bin_find()` to incorrectly allow or deny access, compromising network security policies.

To mitigate this issue, ensure that all IP address and CIDR mask inputs processed by applications utilizing the `Net::CIDR::Lite` Perl module are strictly sanitized. This involves removing any trailing newline characters or non-ASCII digits from the input strings before they are passed to `Net::CIDR::Lite` functions such as `add()`, `find()`, or `bin_find()`. Implementing robust input validation at the application layer will prevent the module from misinterpreting malformed inputs and bypassing intended access controls. Red Hat Enterprise Linux 10 Fix deferred perl Red Hat Enterprise Linux 6 Fix deferred perl Red Hat Enterprise Linux 7 Fix deferred perl Red Hat Enterprise Linux 8 Fix deferred perl Red Hat Enterprise Linux 8 Fix deferred perl:5.32/perl Red Hat Enterprise Linux 9 Fix deferred perl Red Hat OpenShift Container Platform 4 Fix deferred rhcos https://www.cve.org/CVERecord?id=CVE-2026-45190 https://nvd.nist.gov/vuln/detail/CVE-2026-45190 https://github.com/stigtsp/Net-CIDR-Lite/commit/ca9542adec87110556601d7ce48381ea8d13e692.patch https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.24/changes https://www.cve.org/CVERecord?id=CVE-2026-45191