Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3138 articles · 171777 vulns · 37/41 feeds (7d)
← Back to list
EST
PRE-CVE

Metric Injection Vulnerability in Statsd Client Modules

56% confidence

Description

11 Statsd client modules allow metric injection when assembling metric names, values, or tags from untrusted input. Ineffective mitigations in some modules increase risk. Additionally, improper use of the statsd set_add method in Plack and Catalyst plugins could leak sensitive information (e.g., session IDs, IP addresses) if connections to statsd servers are unsecured. The lack of an official Statsd specification contributed to overlooked security issues.

Related News (1 articles)

Tier C
oss-security1h ago
Security Considerations for Statsd Clients
→ No new info (linked only)
CISA KEV❌ No
Actively exploited❌ No
PublishedJul 6, 2026
Last enriched1h ago
Tags
metric injectionstatsdinsecure input handling
Trending Score20
Source articles1
Independent1
Info Completeness2/14
Missing: cve_id, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Pin to Dashboard

Verification

State: reported
Confidence: 56%

Vulnerability Timeline

CVE Published
Jul 6, 2026
Discovered by ZDM
Jul 6, 2026