🟠 High | Source: Microsoft Security Response Center
A signed integer overflow vulnerability exists in Storable versions before 3.41 for Perl, triggered when deserialising a specially crafted SX_HOOK record. An attacker able to supply malicious serialised data could potentially exploit this flaw to cause unexpected behaviour, memory corruption, or arbitrary code execution. This is relevant to Azure environments where Perl-based workloads or dependencies on the Storable module are in use.
Security Architect’s Take: Audit your Azure workloads and pipelines for any Perl-based components using the Storable module and upgrade to version 3.41 or later immediately; pay particular attention to any services that deserialise untrusted or externally supplied data, as these represent the highest-risk attack surface.
Original advisory: CVE-2026-57433 Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record