CVE-2026-11527

· Published 14/06/2026 14:16 · Modified 15/06/2026 21:16 · Author: The MITRE Corporation

Labels: CVE-2026-11527, 2026-06-14, 9b29abf9-4ab0-4765-b253-1875cd9b441e, CWE-73

Essential information

Creator: The MITRE Corporation
CVSS: 8.6 HIGH (v3.1)
CISA KEV: No
CWE: CWE-73, CWE-78
EPSS (First): P50.1% (score 0.00755)
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or ends with a pipe ("| cmd", "cmd |") or begins with a redirect ("> path", ">> path") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file => $thing) reaches it through ReadConfig. An in-memory scalar reference (-file => \$text) does not open a path and is unaffected. Any caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID.
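
A caller-side mitigation for code that must accept a config path while still on an affected version, added here as an example (it is not code from the advisory or from Config::IniFiles): read the file with 3-arg open() and pass the module the in-memory scalar reference that the description says is unaffected. The helper names `slurp_ini_text` and `load_ini` are hypothetical, the sample inputs are constructed, and the script assumes Config::IniFiles is installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not part of Config::IniFiles): read an INI file with
# 3-arg open() so the file name is never parsed for a pipe or redirect.
sub slurp_ini_text {
    my ($path) = @_;
    die "empty config path\n" unless defined $path && length $path;
    # With an explicit '<' mode, "| cmd", "cmd |" and "> path" are treated as
    # literal file names; nothing is executed and nothing is truncated.
    open(my $fh, '<', $path) or die "cannot open '$path': $!\n";
    local $/;    # slurp mode: read the whole file in one go
    my $text = <$fh>;
    close $fh;
    return defined $text ? $text : '';
}

# Hypothetical wrapper: the module only ever sees a scalar reference,
# so its own file-opening code is not reached with the caller's path.
sub load_ini {
    my ($path) = @_;
    my $text = slurp_ini_text($path);
    require Config::IniFiles;
    my $cfg = Config::IniFiles->new(-file => \$text)
        or die "cannot parse '$path': @Config::IniFiles::errors\n";
    return $cfg;
}

# Constructed sample input: a small INI file in a temporary location.
my ($tmp_fh, $tmp_name) = tempfile(UNLINK => 1);
print {$tmp_fh} "[db]\nhost=localhost\n";
close $tmp_fh;

my $cfg = load_ini($tmp_name);
print "db.host = ", $cfg->val('db', 'host'), "\n";

# The filename shapes named in the description, passed as untrusted input:
# each one fails as a missing file instead of being interpreted.
for my $name ('| cmd', 'cmd |', '> path') {
    my $ok = eval { load_ini($name); 1 };
    print "refused '$name': $@" unless $ok;
}
```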

NVD status

Status: Deferred (CVE has been recently published to the CVE List and has been received by the NVD.)
Source: nist-nvd-api

Affected products (CPE)

Product: perl / config
CPE: cpe:2.3:a:perl:config::inifiles:<3.001000:*:*:*:*:*:*:*

References