CVE-2026-9270

DataDog::DogStatsd for Perl (up to version 0.07) is vulnerable to metric injections due to insufficient input sanitization in the send_stats pathway. The stat name is not stripped of newlines, enabling prefix manipulation; the value (delta) is not validated, allowing injection via set/gauge/count...

CVE-2026-11362

DataDog::DogStatsd for Perl versions through 0.07 is vulnerable to metric injections via event tags. The root cause is the format_event method not validating tag content, allowing commas, newlines, pipes and colons in tags; an ineffective pipe-removal attempt (s/|//g) due to unescaped pipe being ...