Heap Memory Disclosure Vulnerability in XML::LibXML for Perl
CVE-2026-8177

Currently unrated

Key Information:

Vendor

Shlomif

Status
Xml::libxml
Vendor
CVE Published:
10 May 2026

What is CVE-2026-8177?

The vulnerability in XML::LibXML, found in versions up to 2.0210, allows for an out-of-bounds memory read when parsing XML node names with truncated UTF-8 byte sequences. This occurs if a node name ends mid-sequence, leading the parser to access memory beyond the intended input string, which can trigger a crash. Perl processes that handle untrusted strings with XML::LibXML's DOM node-name methods may inadvertently expose themselves to this issue, potentially resulting in a denial of service.

Affected Version(s)

XML::LibXML 0 <= 2.0210

References

https://github.com/cpan-authors/XML-LibXML/issues/146
issue-tracking
https://github.com/cpan-authors/XML-LibXML/commit/15652bd...
patch

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.