======================================================================== CVE-2026-13593 CPAN Security Group ======================================================================== CVE ID: CVE-2026-13593 Distribution: CSS-Minifier-XS Versions: before 0.14 MetaCPAN: https://metacpan.org/dist/CSS-Minifier-XS VCS Repo: https://github.com/bleargh45/CSS-Minifier-XS CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away Description ----------- CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace. Problem types ------------- - CWE-401 Missing Release of Memory after Effective Lifetime Solutions --------- Upgrade to CSS::Minifier::XS version 0.14 or later. References ---------- https://metacpan.org/release/GTERMARS/CSS-Minifier-XS-0.14/changes
