← back
CVE-2026-60082

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row

Vexday Risk Score
0Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
14 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
Affected products
HMBRAND · DBI