Home / Vulnerability Intelligence / CVE-2026-7111

CVE-2026-7111 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: April 29, 2026

Text::CSV_XS - Use After Free

Published: April 29, 2026Updated: April 29, 2026

Overview

Text::CSV_XS < 1.62 for Perl contains a use-after-free caused by registered callbacks extending the Perl argument stack, letting attackers cause type confusion or memory corruption, exploit requires registered callbacks that extend the argument stack.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Attackers can cause type confusion or memory corruption, leading to crashes or logic errors.

Mitigation

Update to version 1.62 or later.

References

https://github.com/cpan-authors/Text-CSV_XS/commit/c17f31a5f2bf36674748eb4b6e25672f0571a224.patch
https://metacpan.org/release/HMBRAND/Text-CSV_XS-1.62/changes
http://www.openwall.com/lists/oss-security/2026/04/29/17

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-7111
Severity: High
CVSS Score: 8.4
Type: use_after_free
Status: new

CWE

CWE-416

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H