CPANSA-Web-Passwd-2026-8500: Web-Passwd vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2026-05-13T00:00:00 | Engine | CSAF Perl Toolkit 0.26 |
| Current release date | 2026-05-13T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.
Vulnerabilities
CVE-2026-8500
Vulnerability DescriptionProduct status
Known affected
| Product | Score | ||||
|---|---|---|---|---|---|
| Web-Passwd greater than 0 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Web-Passwd-2026-8500 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2026/cpansa-web-passwd-2026-8500.json - https://httpd.apache.org/docs/current/programs/htpasswd.html external
https://httpd.apache.org/docs/current/programs/htpasswd.html - https://metacpan.org/release/EVANK/Web-Passwd-0.03 external
https://metacpan.org/release/EVANK/Web-Passwd-0.03 - http://www.openwall.com/lists/oss-security/2026/05/13/8 external
http://www.openwall.com/lists/oss-security/2026/05/13/8 - CVE-2026-8500 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2026-8500
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed May 13 00:00:00 2026 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/