Fluid Attacks Database

Description

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libnet-cidr-lite-perl	=0.22-1 \|\| =0.22-2 \|\| =0.22-3 \|\| =0.22-3~deb12u1 \|\| =0.22-3~deb13u1 \|\| =0.23-1 \|\| =0.24-1	-
debian 12	libnet-cidr-lite-perl	=0.22-2 \|\| =0.22-3 \|\| =0.22-3~deb12u1 \|\| =0.22-3~deb13u1 \|\| =0.23-1 \|\| =0.24-1	-
debian 13	libnet-cidr-lite-perl	=0.22-2 \|\| =0.22-3 \|\| =0.22-3~deb12u1 \|\| =0.22-3~deb13u1 \|\| =0.23-1 \|\| =0.24-1	-
debian 14	libnet-cidr-lite-perl	=0.22-2 \|\| =0.22-3 \|\| =0.22-3~deb12u1 \|\| =0.22-3~deb13u1 \|\| =0.23-1 \|\| >=0 <0.24-1	0.24-1

Aliases

1. CVE-2026-451912. NVD-2026-451913. OSV-DEBIAN-2026-451914. OSV-2026-451915. SECURITY-TRACKER-CVE-2026-45191

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.