🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-60081 affects DBI::ProfileData, a Perl module used for database interface profiling, in versions prior to 1.651. The vulnerability stems from a failure to limit path index values, which could allow an attacker to access or manipulate data outside intended boundaries. While surfaced via the Microsoft Security Response Center under Azure, any environment running an unpatched version of this Perl module may be at risk.

Security Architect’s Take: Audit your Azure-hosted workloads and CI/CD pipelines for Perl environments using DBI::ProfileData, and ensure the module is updated to version 1.651 or later. If Perl-based database profiling is not required in production, consider disabling or removing the module entirely to reduce attack surface.

Original advisory: CVE-2026-60081 DBI::ProfileData versions before 1.651 for Perl do not limit the path index