CVE-2026-3381

CRITICAL EPSS 41.7%
Published Mar 5, 20263mo ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Mar 5, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
41.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-1284

Affected Products 1

VendorProductVersionRange
pmqscompress\\ ≤2.219

References 7

  • 7asecurity.com https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/
    Third Party Advisory
  • github.com https://github.com/madler/zlib
    Product
  • github.com https://github.com/madler/zlib/releases/tag/v1.3.2
    Release Notes
  • github.com https://github.com/pmqs/Compress-Raw-Zlib/issues/41
    Issue Tracking
  • metacpan.org https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
    ProductRelease Notes
  • cve.org https://www.cve.org/CVERecord?id=CVE-2026-27171
    Third Party Advisory
  • zlib.net https://www.zlib.net/
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.