{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "cpe": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
            "extracted_events": [
              {
                "introduced": "5.9.4"
              },
              {
                "fixed": "5.40.4"
              },
              {
                "introduced": "5.41.0"
              },
              {
                "fixed": "5.42.2"
              },
              {
                "introduced": "5.43.0"
              },
              {
                "fixed": "5.43.9"
              }
            ],
            "source": [
              "CPE_RANGE",
              "REFERENCES"
            ]
          },
          "events": [
            {
              "introduced": "27e0a6173cfa04e70f8057a8b3a0ceb668a33dbc"
            },
            {
              "fixed": "d935eee08874ebc66b5e0ffea91fa1440a189bc3"
            },
            {
              "introduced": "e8cce44acbf725a386d6645647073769caab1f34"
            },
            {
              "fixed": "b62845c7186b0b6a8e4e83419e6b5ef64ceef3ed"
            },
            {
              "introduced": "1d7f1a41a11375afc3ef8599bf5b4bd367019ba9"
            },
            {
              "fixed": "c25e30926ee2a7bf475baeda3c1b97cc56803f94"
            },
            {
              "fixed": "c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94"
            }
          ],
          "repo": "https://github.com/perl/perl5",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "CPANSec",
    "cwe_ids": [
      "CWE-1395"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4176.json"
  },
  "details": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.\n\nCompress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.",
  "id": "CVE-2026-4176",
  "modified": "2026-07-15T01:49:18.317858923Z",
  "published": "2026-03-29T20:50:51.058Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/30/2"
    },
    {
      "type": "WEB",
      "url": "https://cpan.org/modules"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4176.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://lists.security.metacpan.org/cve-announce/msg/37638919/"
    },
    {
      "type": "ADVISORY",
      "url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"
    },
    {
      "type": "ADVISORY",
      "url": "https://metacpan.org/release/SHAY/perl-5.40.4/changes"
    },
    {
      "type": "ADVISORY",
      "url": "https://metacpan.org/release/SHAY/perl-5.42.2/changes"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4176"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3381"
    },
    {
      "type": "FIX",
      "url": "https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Perl/perl5"
    }
  ],
  "schema_version": "1.8.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib"
}