CVE-2026-4176

Severity: Critical · CVSS 3.1: 9.8 · EPSS: 47.6%
Published: Mar 29, 2026
Last Modified: Jun 17, 2026

Description

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, and from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module and is vulnerable to CVE-2026-3381 because it vendors a version of zlib that has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 47.6% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products 3

Vendor   Product   Version   Range
perl     perl      *         ≥5.9.4 – <5.40.4
perl     perl      *         ≥5.41.0 – <5.42.2
perl     perl      *         ≥5.43.0 – <5.43.9

References 7

  • openwall.com http://www.openwall.com/lists/oss-security/2026/03/30/2
    Mailing List, Third Party Advisory
  • github.com https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
    Patch
  • lists.security.metacpan.org https://lists.security.metacpan.org/cve-announce/msg/37638919/
    Third Party Advisory
  • metacpan.org https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
    Release Notes
  • metacpan.org https://metacpan.org/release/SHAY/perl-5.40.4/changes
    Release Notes
  • metacpan.org https://metacpan.org/release/SHAY/perl-5.42.2/changes
    Release Notes
  • cve.org https://www.cve.org/CVERecord?id=CVE-2026-3381
    Third Party Advisory

Remediation

  • github.com https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
    Patch