Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass

Description

A vulnerability described as critical has been identified in STIGTSP Net::CIDR::Lite up to 0.22 on Perl. The affected element is the function _pack_ipv6. Executing a manipulation can lead to improper validation of syntactic correctness of input. This vulnerability is handled as CVE-2026-40198. The attack can be executed remotely.

Affected Products

Vendor	Product	Versions
stigtsp	net::cidr::lite	0, 0.22

References

Related News (2 articles)

Tier C

VulDB1h ago

CVE-2026-40198 | STIGTSP Net::CIDR::Lite up to 0.22 on Perl _pack_ipv6 improper validation of syntactic correctness of input

→ No new info (linked only)

Tier C

oss-security2h ago

CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

0.23

CWECWE-1286

PublishedApr 10, 2026

Last enriched41m agov2

Trending Score62

Source articles3

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

Version History

Last enriched 41m ago

v2Tier C41m ago

Updated description with critical vulnerability details, changed severity to CRITICAL, and noted that no exploit is available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v14h ago

Initial creation