{"id":"CVE-2026-8450","summary":"HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()","details":"HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file().\n\nsend_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '\u003e path' and '\u003e\u003e path' open the path for write or append.\n\nUntrusted input passed to send_file() can run OS commands at the daemon process UID. The read-pipe form ('cmd |') also leaks subprocess stdout into the HTTP response body. The write-mode forms can create or truncate files at attacker chosen paths.","modified":"2026-06-24T09:14:21.634499477Z","published":"2026-05-27T04:22:26.539Z","related":["SUSE-SU-2026:22187-1","SUSE-SU-2026:2408-1","SUSE-SU-2026:2442-1","openSUSE-SU-2026:10938-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8450.json","cna_assigner":"CPANSec","cwe_ids":["CWE-73","CWE-78"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/05/27/5"},{"type":"WEB","url":"https://cpan.org/modules"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2026/06/msg00028.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8450.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/OALDERS/HTTP-Daemon-6.17/changes"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8450"},{"type":"REPORT","url":"https://github.com/libwww-perl/HTTP-Daemon/pull/89"},{"type":"FIX","url":"https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995.patch"},{"type":"PACKAGE","url":"https://github.com/libwww-perl/HTTP-Daemon"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libwww-perl/http-daemon","events":[{"introduced":"0"},{"fixed":"3fa2b03a1a46b50e0cf4704640f719424d529a03"},{"fixed":"945d35141d94490f749640bd4390acd6a2193995"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"6.17"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["v6.15","v6.14","v6.13","v6.12","v6.11","v6.10","v6.09","v6.08","v6.07","v6.06","v6.05","v6.04","v6.03","v6.02","6.01","6.00"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-8450.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}