Denial of Service Vulnerability in Text::LineFold by Perl
CVE-2026-8594

Currently unrated

Key Information:

Vendor

Nezumi

Status
Text::linefold
Vendor
CVE Published:
30 May 2026

What is CVE-2026-8594?

The Text::LineFold module in Perl, particularly in versions up to 2019.001, exhibits a critical programming flaw. This flaw occurs when the module processes special line break characters, leading to duplication of the entire input string for each segment generated. This behavior not only results in incorrect output but can also result in unexpected resource consumption, potentially culminating in a denial of service condition. As Text::LineFold is part of the Unicode-LineBreak distribution, its version number may differ, but users should be aware of the risks associated with this vulnerability.

Affected Version(s)

Text::LineFold 0 <= 2019.001

References

https://metacpan.org/release/NEZUMI/Unicode-LineBreak-201...
https://security.metacpan.org/patches/U/Unicode-LineBreak...
patch
https://github.com/hatukanezumi/Unicode-LineBreak/pull/6
issue-tracking

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.