CVE-2026-8796

🗓️ 31 May 2026 19:43:22Reported by CPANSecType

CVE-2026-8796: Sereal::Decoder for Perl before 5.005 allows heap out-of-bounds read from crafted input.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-8796	31 May 202619:43	–	attackerkb
Amazon	Important: perl-Sereal-Decoder	22 Jun 202600:00	–	amazon
Circl	CVE-2026-8796	31 May 202622:53	–	circl
CNNVD	Sereal::Decoder 安全漏洞	31 May 202600:00	–	cnnvd
Cvelist	CVE-2026-8796 Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input	31 May 202619:43	–	cvelist
Debian CVE	CVE-2026-8796	31 May 202619:43	–	debiancve
EUVD	EUVD-2026-33517	31 May 202619:43	–	euvd
NVD	CVE-2026-8796	31 May 202620:16	–	nvd
OPENSUSE Linux	perl-Sereal-Decoder-5.6.0-1.1 on GA media (moderate)	5 Jun 202600:00	–	opensuse
OSV	DEBIAN-CVE-2026-8796	31 May 202620:16	–	osv

[
  {
    "collectionURL": "https://cpan.org/modules",
    "defaultStatus": "unaffected",
    "packageName": "Sereal-Decoder",
    "product": "Sereal::Decoder",
    "programFiles": [
      "Perl/Decoder/srl_decoder.c"
    ],
    "programRoutines": [
      {
        "name": "srl_read_object()"
      },
      {
        "name": "srl_read_hash()"
      }
    ],
    "repo": "https://github.com/Sereal/Sereal",
    "vendor": "YVES",
    "versions": [
      {
        "lessThan": "5.005",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
metacpan	www.metacpan.org/release/YVES/Sereal-Decoder-5.005/changes
github	www.github.com/Sereal/Sereal/commit/303a2c69cdba80bf37a3ff43461e0aa78198a7a3.patch
openwall	www.openwall.com/lists/oss-security/2026/06/01/1

17 Jun 2026 11:04Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18.1

EPSS0.00405

SSVC

CWE-125