Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass

Description

A vulnerability described as critical has been identified in STIGTSP Net::CIDR::Lite up to 0.22 on Perl. The affected element is the function _pack_ipv6. Executing a manipulation can lead to improper validation of syntactic correctness of input. This vulnerability is handled as CVE-2026-40198. The attack can be executed remotely.

Affected Products

Vendor	Product	Versions
stigtsp	net::cidr::lite	0, 0.22

References

Related News (2 articles)

Tier C

VulDB3h ago

CVE-2026-40198 | STIGTSP Net::CIDR::Lite up to 0.22 on Perl _pack_ipv6 improper validation of syntactic correctness of input

→ No new info (linked only)

Tier C

oss-security4h ago

CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

0.23

CWECWE-1286

PublishedApr 10, 2026

Last enriched2h agov2

Trending Score62

Source articles3

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated description with critical vulnerability details, changed severity to CRITICAL, and noted that no exploit is available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v16h ago

Initial creation