Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-27T03:12:38 perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-94

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of unauthorized code on the system, potentially allowing the attacker to take full control of the affected process.

Red Hat Enterprise Linux 10 Affected perl-IO-Compress Red Hat Enterprise Linux 7 Affected perl-IO-Compress Red Hat Enterprise Linux 8 Affected perl:5.32/perl-IO-Compress Red Hat Enterprise Linux 8 Affected perl-IO-Compress Red Hat Enterprise Linux 9 Affected perl-IO-Compress https://www.cve.org/CVERecord?id=CVE-2026-48962 https://nvd.nist.gov/vuln/detail/CVE-2026-48962 https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610.patch https://metacpan.org/release/PMQS/IO-Compress-2.220/changes