CVE-2026-7040

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-7040
Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/robrwo/Text-Minify-XS/security/advisories/GHSA-jqhf-vv4h-77h2 Third Party Advisory
https://metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/changes Product Release Notes
http://www.openwall.com/lists/oss-security/2026/04/27/5 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rrwo:text\:\:minify\:\:xs:*:*:*:*:*:perl:*:*
History

07 May 2026, 02:20

Type Values Removed Values Added
First Time Rrwo
Rrwo text\
References () https://github.com/robrwo/Text-Minify-XS/security/advisories/GHSA-jqhf-vv4h-77h2 - () https://github.com/robrwo/Text-Minify-XS/security/advisories/GHSA-jqhf-vv4h-77h2 - Third Party Advisory
References () https://metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/changes - () https://metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/changes - Product, Release Notes
References () http://www.openwall.com/lists/oss-security/2026/04/27/5 - () http://www.openwall.com/lists/oss-security/2026/04/27/5 - Mailing List, Third Party Advisory
CPE cpe:2.3:a:rrwo:text\:\:minify\:\:xs:*:*:*:*:*:perl:*:*

01 May 2026, 16:16

Type Values Removed Values Added
Summary (en) Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify. (en) Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify.

28 Apr 2026, 15:16

Type Values Removed Values Added
Summary (en) Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minnify. (en) Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify.

27 Apr 2026, 17:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/04/27/5 -

27 Apr 2026, 15:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

27 Apr 2026, 13:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-04-27 13:16

Updated : 2026-05-07 02:20

NVD link : CVE-2026-7040

Mitre link : CVE-2026-7040

CVE.ORG link : CVE-2026-7040

JSON object : View

Products Affected

rrwo

  • text\
CWE
CWE-122

Heap-based Buffer Overflow

CWE-176

Improper Handling of Unicode Encoding