Heap Overflow Vulnerability in Text::Minify::XS for Perl by Rob R. Wojtowicz
CVE-2026-7040

7.5HIGH

Key Information:

Vendor: Rrwo
Status: Text::minify::xs
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-7040?

A heap overflow vulnerability exists in Text::Minify::XS versions prior to v0.7.8 for Perl, which occurs during the processing of malformed UTF-8 characters. This flaw can lead to unexpected behavior and potential system instability due to heap corruption. Specific minification functions within the library fail to handle these malformed characters appropriately, allowing for exploitation in certain configurations. Users are advised to upgrade to the latest version to avoid these issues and enhance overall security.

Affected Version(s)

Text::Minify::XS v0.3.0

References

https://github.com/robrwo/Text-Minify-XS/security/advisor...

vendor-advisory

https://metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/c...

release-notes

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Apr 25, 2026

CVE-2026-7040 Data

JSON

Rrwo

What is CVE-2026-7040?

Affected Version(s)

References

CVSS V3.1

Timeline