High severity7.5NVD Advisory· Published Apr 27, 2026· Updated May 7, 2026
CVE-2026-7040
CVE-2026-7040
Description
Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.
The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.
Note that the minify_utf8 function is an alias for minify.
Affected products
2- Range: >=0.3.0,<0.7.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.openwall.com/lists/oss-security/2026/04/27/5nvdMailing ListThird Party Advisory
- github.com/robrwo/Text-Minify-XS/security/advisories/GHSA-jqhf-vv4h-77h2nvdThird Party Advisory
- metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/changesnvdProductRelease Notes
News mentions
0No linked articles in our index yet.