Skip to main content

Xml CVE-2026-13401

| EUVDEUVD-2026-44964
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-07-16 CPANSec GHSA-8299-xh3w-xhx5

Lifecycle Timeline

1
CVE Published
Jul 16, 2026 - 16:14 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes.

The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.

Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition.

Analysis

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13401 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy