UBUNTU-CVE-2026-48962
- Source
- https://ubuntu.com/security/CVE-2026-48962
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48962.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-48962
- Upstream
- Published
- 2026-05-27T04:16:00Z
- Modified
- 2026-05-29T18:00:51.053703117Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl. Arbitrary Perl in the output glob executes at the calling process's privilege.
- References
-
- https://ubuntu.com/security/CVE-2026-48962
- https://www.cve.org/CVERecord?id=CVE-2026-48962
- https://lists.security.metacpan.org/cve-announce/msg/40434385/
- https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610.patch
- https://metacpan.org/release/PMQS/IO-Compress-2.220/changes
- http://www.openwall.com/lists/oss-security/2026/05/27/4
Affected packages
Ubuntu:16.04:LTS
libio-compress-perl
Package
- Name
- libio-compress-perl
- Purl
- pkg:deb/ubuntu/libio-compress-perl?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.26.0-8ubuntu1
5.26.1-2ubuntu1
5.26.1-3
5.26.1-4
5.26.1-4build1
5.26.1-5
5.26.1-6
5.26.1-6ubuntu0.1
5.26.1-6ubuntu0.2
5.26.1-6ubuntu0.3
5.26.1-6ubuntu0.5
5.26.1-6ubuntu0.6
5.26.1-6ubuntu0.7
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.26.1-6ubuntu0.7",
"binary_name": "libperl5.26"
},
{
"binary_version": "5.26.1-6ubuntu0.7",
"binary_name": "perl"
},
{
"binary_version": "5.26.1-6ubuntu0.7",
"binary_name": "perl-base"
},
{
"binary_version": "5.26.1-6ubuntu0.7",
"binary_name": "perl-debug"
},
{
"binary_version": "5.26.1-6ubuntu0.7",
"binary_name": "perl-modules-5.26"
}
]
}libio-compress-perl
Package
- Name
- libio-compress-perl
- Purl
- pkg:deb/ubuntu/libio-compress-perl?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.28.1-6build1
5.30.0-7
5.30.0-9
5.30.0-9build1
5.30.0-9ubuntu0.2
5.30.0-9ubuntu0.3
5.30.0-9ubuntu0.4
5.30.0-9ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.30.0-9ubuntu0.5",
"binary_name": "libperl5.30"
},
{
"binary_version": "5.30.0-9ubuntu0.5",
"binary_name": "perl"
},
{
"binary_version": "5.30.0-9ubuntu0.5",
"binary_name": "perl-base"
},
{
"binary_version": "5.30.0-9ubuntu0.5",
"binary_name": "perl-debug"
},
{
"binary_version": "5.30.0-9ubuntu0.5",
"binary_name": "perl-modules-5.30"
}
]
}libio-compress-perl
Package
- Name
- libio-compress-perl
- Purl
- pkg:deb/ubuntu/libio-compress-perl?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS
libio-compress-perl
Package
- Name
- libio-compress-perl
- Purl
- pkg:deb/ubuntu/libio-compress-perl?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.32.1-3ubuntu3
5.34.0-3ubuntu1
5.34.0-3ubuntu1.1
5.34.0-3ubuntu1.2
5.34.0-3ubuntu1.3
5.34.0-3ubuntu1.4
5.34.0-3ubuntu1.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.34.0-3ubuntu1.5",
"binary_name": "libperl5.34"
},
{
"binary_version": "5.34.0-3ubuntu1.5",
"binary_name": "perl"
},
{
"binary_version": "5.34.0-3ubuntu1.5",
"binary_name": "perl-base"
},
{
"binary_version": "5.34.0-3ubuntu1.5",
"binary_name": "perl-debug"
},
{
"binary_version": "5.34.0-3ubuntu1.5",
"binary_name": "perl-modules-5.34"
}
]
}Ubuntu:24.04:LTS
libio-compress-perl
Package
- Name
- libio-compress-perl
- Purl
- pkg:deb/ubuntu/libio-compress-perl?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.36.0-9ubuntu1
5.36.0-10ubuntu1
5.38.2-3
5.38.2-3.2
5.38.2-3.2build1
5.38.2-3.2build2
5.38.2-3.2build2.1
5.38.2-3.2ubuntu0.1
5.38.2-3.2ubuntu0.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.38.2-3.2ubuntu0.2",
"binary_name": "libperl5.38t64"
},
{
"binary_version": "5.38.2-3.2ubuntu0.2",
"binary_name": "perl"
},
{
"binary_version": "5.38.2-3.2ubuntu0.2",
"binary_name": "perl-base"
},
{
"binary_version": "5.38.2-3.2ubuntu0.2",
"binary_name": "perl-debug"
},
{
"binary_version": "5.38.2-3.2ubuntu0.2",
"binary_name": "perl-modules-5.38"
}
]
}Ubuntu:25.10
libio-compress-perl
Package
- Name
- libio-compress-perl
- Purl
- pkg:deb/ubuntu/libio-compress-perl?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.40.1-6build1",
"binary_name": "libperl5.40"
},
{
"binary_version": "5.40.1-6build1",
"binary_name": "perl"
},
{
"binary_version": "5.40.1-6build1",
"binary_name": "perl-base"
},
{
"binary_version": "5.40.1-6build1",
"binary_name": "perl-debug"
},
{
"binary_version": "5.40.1-6build1",
"binary_name": "perl-modules-5.40"
}
]
}Ubuntu:26.04:LTS
libio-compress-perl
Package
- Name
- libio-compress-perl
- Purl
- pkg:deb/ubuntu/libio-compress-perl?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.40.1-7build1",
"binary_name": "libperl5.40"
},
{
"binary_version": "5.40.1-7build1",
"binary_name": "perl"
},
{
"binary_version": "5.40.1-7build1",
"binary_name": "perl-base"
},
{
"binary_version": "5.40.1-7build1",
"binary_name": "perl-debug"
},
{
"binary_version": "5.40.1-7build1",
"binary_name": "perl-modules-5.40"
}
]
}Ubuntu:Pro:14.04:LTS
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.14.2-21build1
5.18.1-4
5.18.1-4build1
5.18.1-5
5.18.2-2
5.18.2-2ubuntu1
5.18.2-2ubuntu1.1
5.18.2-2ubuntu1.3
5.18.2-2ubuntu1.4
5.18.2-2ubuntu1.6
5.18.2-2ubuntu1.7
5.18.2-2ubuntu1.7+esm3
5.18.2-2ubuntu1.7+esm4
5.18.2-2ubuntu1.7+esm5
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.18.2-2ubuntu1.7+esm5",
"binary_name": "libcgi-fast-perl"
},
{
"binary_version": "5.18.2-2ubuntu1.7+esm5",
"binary_name": "libperl5.18"
},
{
"binary_version": "5.18.2-2ubuntu1.7+esm5",
"binary_name": "perl"
},
{
"binary_version": "5.18.2-2ubuntu1.7+esm5",
"binary_name": "perl-base"
},
{
"binary_version": "5.18.2-2ubuntu1.7+esm5",
"binary_name": "perl-debug"
},
{
"binary_version": "5.18.2-2ubuntu1.7+esm5",
"binary_name": "perl-modules"
}
]
}Ubuntu:Pro:16.04:LTS
perl
Package
- Name
- perl
- Purl
- pkg:deb/ubuntu/perl?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.20.2-6
5.22.1-3
5.22.1-4
5.22.1-5
5.22.1-7
5.22.1-8
5.22.1-9
5.22.1-9ubuntu0.2
5.22.1-9ubuntu0.3
5.22.1-9ubuntu0.5
5.22.1-9ubuntu0.6
5.22.1-9ubuntu0.9
5.22.1-9ubuntu0.9+esm1
5.22.1-9ubuntu0.9+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.22.1-9ubuntu0.9+esm2",
"binary_name": "libperl5.22"
},
{
"binary_version": "5.22.1-9ubuntu0.9+esm2",
"binary_name": "perl"
},
{
"binary_version": "5.22.1-9ubuntu0.9+esm2",
"binary_name": "perl-base"
},
{
"binary_version": "5.22.1-9ubuntu0.9+esm2",
"binary_name": "perl-debug"
},
{
"binary_version": "5.22.1-9ubuntu0.9+esm2",
"binary_name": "perl-modules-5.22"
}
]
}