CVE Vulnerability Details :
CVE-2026-48962
PUBLISHED
Assigner: CPANSec
Assigner Org ID: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At: 27 May, 2026 | 03:12
Updated At: 30 Jun, 2026 | 03:16
CVE Numbering Authority (CNA)
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the double-quote wrapper, and the characters that follow are evaluated as Perl. Arbitrary Perl in the output glob therefore executes with the privileges of the calling process.

Affected Products
Vendor
PMQS
Product
IO::Compress
Collection URL
https://cpan.org/modules
Package Name
IO-Compress
Repo
https://github.com/pmqs/IO-Compress
Program Files
  • lib/File/GlobMapper.pm
Program Routines
  • File::GlobMapper::_parseOutputGlob
  • File::GlobMapper::_getFiles
Default Status
unaffected
Versions
Affected
  • From 0 before 2.220 (custom)
Problem Types
Type: CWE
CWE ID: CWE-95
Description: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Solutions

Upgrade to IO-Compress 2.220 or later.

Timeline
Event: Issue reported.
Date: 2026-05-14 00:00:00
Event: Version 2.220 released.
Date: 2026-05-16 00:00:00
References
Hyperlink: https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610.patch
Resource:
patch
Hyperlink: https://metacpan.org/release/PMQS/IO-Compress-2.220/changes
Resource:
release-notes
Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: http://www.openwall.com/lists/oss-security/2026/05/27/4
Resource: N/A
2. CISA ADP Vulnrichment
Metrics
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3. perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of unauthorized code on the system, potentially allowing the attacker to take full control of the affected process.

Affected Products
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux Server (v. 7 ELS)
CPEs
  • cpe:/o:redhat:rhel_els:7
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux AppStream EUS (v. 10.0)
CPEs
  • cpe:/o:redhat:enterprise_linux_eus:10.0
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux AppStream (v. 10)
CPEs
  • cpe:/o:redhat:enterprise_linux:10.2
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux AppStream (v. 8)
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux AppStream E4S (v.9.2)
CPEs
  • cpe:/a:redhat:rhel_e4s:9.2::appstream
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux AppStream E4S (v.9.4)
CPEs
  • cpe:/a:redhat:rhel_e4s:9.4::appstream
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux AppStream EUS (v.9.6)
CPEs
  • cpe:/a:redhat:rhel_eus:9.6::appstream
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux AppStream (v. 9)
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux BaseOS (v. 8)
CPEs
  • cpe:/o:redhat:enterprise_linux:8::baseos
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux BaseOS AUS (v.8.4)
CPEs
  • cpe:/o:redhat:rhel_aus:8.4::baseos
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)
CPEs
  • cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux BaseOS AUS (v.8.6)
CPEs
  • cpe:/o:redhat:rhel_aus:8.6::baseos
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)
CPEs
  • cpe:/o:redhat:rhel_eus_long_life:8.6::baseos
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux BaseOS E4S (v.8.8)
CPEs
  • cpe:/o:redhat:rhel_e4s:8.8::baseos
Default Status
affected
Vendor
Red Hat, Inc.
Product
Red Hat Enterprise Linux BaseOS TUS (v.8.8)
CPEs
  • cpe:/o:redhat:rhel_tus:8.8::baseos
Default Status
affected
Problem Types
Type: CWE
CWE ID: CWE-94
Description: Improper Control of Generation of Code ('Code Injection')
Metrics
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Solutions

RHSA-2026:30843: Red Hat Enterprise Linux Server (v. 7 ELS)

RHSA-2026:29941: Red Hat Enterprise Linux AppStream EUS (v. 10.0)

RHSA-2026:30860: Red Hat Enterprise Linux AppStream (v. 10)

RHSA-2026:30851: Red Hat Enterprise Linux AppStream (v. 8)

RHSA-2026:29210: Red Hat Enterprise Linux AppStream E4S (v.9.2)

RHSA-2026:29182: Red Hat Enterprise Linux AppStream E4S (v.9.4)

RHSA-2026:30085: Red Hat Enterprise Linux AppStream EUS (v.9.6)

RHSA-2026:30859: Red Hat Enterprise Linux AppStream (v. 9)

RHSA-2026:30858: Red Hat Enterprise Linux BaseOS (v. 8)

RHSA-2026:29867: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)

RHSA-2026:30115: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)

RHSA-2026:30086: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Timeline
Event: Reported to Red Hat.
Date: 2026-05-27 04:01:00
Event: Made public.
Date: 2026-05-27 03:12:38
References
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-48962
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2481767
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48962.json
Resource:
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30843
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:29941
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30860
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30851
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:29210
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:29182
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30085
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30859
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30858
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:29867
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30115
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30086
Resource:
vendor-advisory
x_refsource_REDHAT