Thread Index - May 2026 - CPANSec CVE announcements

CVE-2026-40561: Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge (03 May 2026 00:58 UTC)
CVE-2026-5081: Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure Robert Rothenberg (06 May 2026 12:19 UTC)
CVE-2026-40562: Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence Robert Rothenberg (06 May 2026 12:38 UTC)