Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-49147— App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes

AI Predicted 5.4 Difficulty: Moderate EPSS 0.33% · P25

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 1

VendorProductVersion RangeStatus
PETDANCEApp::Ack≤ 3.10.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-49147

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes
Source: NVD (National Vulnerability Database)
Vulnerability Description
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a _safe_filename helper that sanitises the filenames printed by -f, -g, the colored match heading, and per-match lines, but the --show-types, -l/-L, and -c paths still emit the raw filename. A file whose name embeds cursor-movement or color escapes can overwrite or recolor earlier terminal output, or be passed unchanged to a downstream consumer.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
转义、元或控制序列转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PETDANCE App::Ack 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PETDANCE App::Ack是PETDANCE个人开发者的一款基于Perl的快速代码搜索工具。 PETDANCE App::Ack 3.10.0及之前版本存在输入验证错误漏洞,该漏洞源于未对文件名中的终端转义序列进行清理,导致在多个输出模式下打印未经处理的原始文件名,覆盖或重新着色先前终端输出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
PETDANCEApp::Ack 0 ~ 3.10.0 -

II. Public POCs for CVE-2026-49147

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-49147

登录查看更多情报信息。

Vendor Pages for CVE-2026-49147 (1)

Same Patch Batch · PETDANCE · 2026-07-08 · 3 CVEs total

CVE-2026-49146App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context
CVE-2026-49145App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a proje

IV. Related Vulnerabilities

V. Comments for CVE-2026-49147

No comments yet


Leave a comment