Denial of Service Vulnerability in HTTP::Date by Perl
CVE-2026-14741

Currently unrated

Key Information:

Vendor

Oalders

Vendor
CVE Published:
17 July 2026

What is CVE-2026-14741?

A vulnerability exists in the HTTP::Date module for Perl, where the parse_date function can be exploited to cause CPU exhaustion. This occurs through polynomial regex backtracking when processing potentially malicious date strings. The issue arises from specific regex patterns that can lead to extensive CPU consumption, especially when handling untrusted sources. As a result, an attacker can force the application to consume unbounded CPU resources, potentially leading to a denial of service. The vulnerability affects versions of HTTP::Date prior to 6.08, and users are urged to apply the necessary patches to mitigate this risk.

Affected Version(s)

HTTP::Date 0 < 6.08

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.