CVE-2026-60082 in DBI
Summary
by MITRE • 07/14/2026
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.
When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.
This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.