Zero Day Monitor (ZDM)
CVE-2026-9698 · 7.5 · EXPLOITED · PATCHED
perl · dbi

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer

Description

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

Affected Products

Vendor | Product | Versions
perl | dbi | 0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
cpanel | cpanel/whm | cert_advisory | 90%

References

  • https://metacpan.org/release/HMBRAND/DBI-1.648/changes (release-notes)
  • https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e.patch (patch)

Related News (3 articles)

Tier B · BSI Advisories · 16d ago
[NEW] [high] cPanel cPanel/WHM: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 18d ago
CVE-2026-9698 | HMBRAND DBI up to 1.647 on Perl Error Message RaiseError/PrintError/HandleError out-of-bounds write
→ No new info (linked only)

Tier C · oss-security · 18d ago
CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
→ No new info (linked only)

CVSS 3.1: 7.5 NONE
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 1.648
CWE: CWE-787
Published: Jun 9, 2026
Last enriched: 18d ago (v3)
Tags: CVE-2026-9698
Trending Score: 6
Source articles: 3
Independent: 3
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-11702 · EXP
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
Trending: 56

HIGH · CVE-2026-11625 · EXP
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
Trending: 56

HIGH · CVE-2026-48962 · EXP
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Trending: 51

HIGH · CVE-2026-12844 · EXP
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function
Trending: 46

NONE · CVE-2026-12087 · EXP
Socket versions before 2.041 for Perl have an out-of-bounds heap read
Trending: 17

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published · Jun 9, 2026
Discovered by ZDM · Jun 9, 2026
Updated: severity, cvssEstimate, exploitAvailable, activelyExploited · Jun 9, 2026
Updated: severity, affectedVersions, tags · Jun 9, 2026
Actively Exploited · Jun 9, 2026
Exploit Available · Jun 9, 2026
Patch Available · Jun 9, 2026

Version History

v3 · Last enriched 18d ago

v3 · Tier C · 18d ago (via VulDB)
Updated severity to CRITICAL, added affected version 1.647, and included new CVE ID CVE-2026-9698.
Fields changed: severity, affectedVersions, tags

v2 · Tier C · 18d ago (via oss-security)
Updated severity to HIGH, added CVSS estimate of 7.5, and marked exploit as available and actively exploited.
Fields changed: severity, cvssEstimate, exploitAvailable, activelyExploited

v1 · 18d ago
Initial creation