Skip to content
Threat Feed
high threat exploited

Red Hat Enterprise Linux (perl-HTTP-Daemon): Remote Code Execution Vulnerability

A remote, unauthenticated attacker can exploit a vulnerability in the 'perl-HTTP-Daemon' component within Red Hat Enterprise Linux to execute arbitrary program code with the privileges of the affected service, potentially gaining control over the compromised system.

A recent advisory from Germany's Federal Office for Information Security (BSI) via CERT-Bund highlights a critical vulnerability within the perl-HTTP-Daemon component of Red Hat Enterprise Linux. This flaw, detailed in WID-SEC-2026-2218, allows a remote, unauthenticated attacker to execute arbitrary program code with the privileges of the affected service. The exploitation of this vulnerability could lead to significant system compromise, granting attackers full control over the compromised Red Hat Enterprise Linux system. While specific in-the-wild exploitation has not been confirmed, the nature of remote code execution makes immediate patching essential for all organizations utilizing affected Red Hat systems. The advisory emphasizes the severity of this vulnerability, urging prompt action to prevent potential breaches.

Attack Chain

  1. The attacker identifies a publicly accessible Red Hat Enterprise Linux system running the vulnerable perl-HTTP-Daemon service.
  2. The attacker crafts and sends a malicious HTTP request to the vulnerable service endpoint, designed to trigger the flaw.
  3. The perl-HTTP-Daemon component processes the malformed request, leading to the execution of attacker-controlled code due to the vulnerability.
  4. Arbitrary commands are executed on the compromised system with the privileges of the perl-HTTP-Daemon service.
  5. The attacker establishes persistence mechanisms or escalates privileges to gain broader access and control over the Red Hat Enterprise Linux host.
  6. The attacker proceeds with further objectives such as data exfiltration, lateral movement within the network, or deployment of additional malicious payloads.

Impact

If successfully exploited, this vulnerability allows a remote, unauthenticated attacker to execute arbitrary code with the privileges of the perl-HTTP-Daemon service. This can lead to a complete compromise of the affected Red Hat Enterprise Linux system, including data theft, unauthorized modification of system configurations, or deployment of ransomware. The advisory does not specify observed victims or targeted sectors but highlights the potential for severe operational disruption and data loss.

Recommendation

  • Apply the latest security updates for Red Hat Enterprise Linux that address the perl-HTTP-Daemon vulnerability immediately, referencing the official Red Hat security advisories.
  • Review systems running perl-HTTP-Daemon for signs of compromise, focusing on unexpected process creation or outbound connections from the service account.