Description

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify.

PUBLISHED Reserved 2026-04-25 | Published 2026-04-27 | Updated 2026-04-28 | Assigner CPANSec

Problem types

CWE-176 Improper Handling of Unicode Encoding

CWE-122 Heap-based Buffer Overflow

Product status

Default status: unaffected

v0.3.0 (custom) before v0.7.8: affected

Timeline

2026-04-23: This issue was identified by CPANSec
2025-04-25: Fix uploaded to CPAN

Credits

CPANSec (finder)

References

www.openwall.com/lists/oss-security/2026/04/27/5

github.com/...ify-XS/security/advisories/GHSA-jqhf-vv4h-77h2 vendor-advisory

metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/changes release-notes

cve.org (CVE-2026-7040)

nvd.nist.gov (CVE-2026-7040)