CVE-2026-11526: Perl GD OS Command Injection Flaw
🟠 High | Source: Microsoft Security Response Center

A vulnerability in GD versions before 2.86 for Perl allows attackers to perform OS command injection and overwrite arbitrary files by exploiting a two-argument open() call when handling filename arguments in the _make_filehandle function. This is a well-known Perl pitfall where unsanitised filenames can be interpreted as shell commands. If exploited, an attacker could execute arbitrary commands or corrupt files on the underlying system. ...
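
The pitfall described above, as an added example (not code from GD or from the advisory): it reports how a two-argument open() would interpret each filename without opening it, then opens the same names with the three-argument form. The function names two_arg_interpretation and safe_open_read and the sample filenames are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (not GD's code): describe how a two-argument
# open($fh, $name) would read $name. Nothing is opened or executed here.
sub two_arg_interpretation {
    my ($name) = @_;
    # Two-argument open strips leading and trailing whitespace first.
    (my $trimmed = $name) =~ s/^\s+|\s+$//g;
    return 'pipe (runs a command)'  if $trimmed =~ /^\|/ || $trimmed =~ /\|$/;
    return 'append'                 if $trimmed =~ /^>>/;
    return 'write (truncates file)' if $trimmed =~ /^>/;
    return 'read/write'             if $trimmed =~ /^\+[<>]/;
    return 'plain read';
}

# Hardened form: three-argument open keeps the mode separate from the
# name, so every character of $name is treated as part of a path.
sub safe_open_read {
    my ($name) = @_;
    open(my $fh, '<', $name) or return;
    binmode $fh;
    return $fh;
}

# Constructed sample input: one real file and two names carrying
# mode characters that two-argument open would act on.
my $dir = tempdir(CLEANUP => 1);
my $img = "$dir/logo.png";
open(my $out, '>', $img) or die "setup failed: $!";
print {$out} "constructed sample bytes";
close $out;

for my $name ($img, "> $img", "$img |") {
    my $fh  = safe_open_read($name);
    my $err = $fh ? '' : "$!";    # capture errno before anything else runs
    printf "%-45s 2-arg: %-24s 3-arg: %s\n", "'$name'",
        two_arg_interpretation($name),
        $fh ? 'opened as a file' : "refused ($err)";
    close $fh if $fh;
}
```

With the three-argument form only the first name opens; the other two are looked up as literal paths and fail with a file-not-found error instead of being acted on as a mode or a pipe.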