PT-2026-35929 · Hmbrand · Text::Csv Xs

Leon Timmermans · Published 2026-04-29 · Updated 2026-04-29 · CVE-2026-7111

CVSS v3.1: 8.4 High (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.

The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.

Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.
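
The hazard described above, as an added C model that is not Text::CSV_XS source and not taken from the 1.62 patch: `argstack`, `stack_push`, `invoke`, `SELF` and `PARSED` are constructed names, and the stack is a stand-in rather than Perl's real API. The write through the stale pointer is modeled as lost instead of being performed, and re-deriving the slot after the callback is shown as the general remedy for this bug class.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an interpreter argument stack; not Perl's real API. */
typedef struct { long *base; size_t len, cap; unsigned gen; } argstack;

static int stack_push(argstack *s, long v) {
    if (s->len == s->cap) {                 /* growing moves the buffer */
        size_t ncap = s->cap ? s->cap * 2 : 4;
        long *nb = malloc(ncap * sizeof *nb);
        if (!nb) return -1;
        if (s->len) memcpy(nb, s->base, s->len * sizeof *nb);
        free(s->base);                      /* pointers into the old buffer now dangle */
        s->base = nb; s->cap = ncap; s->gen++;
    }
    s->base[s->len++] = v;
    return 0;
}

enum { SELF = 1111, PARSED = 2222 };        /* constructed marker values */

/* Models one method call whose callback pushes `extra` values.
   cache_pointer=1 mimics code that keeps &base[0] across the callback;
   cache_pointer=0 re-derives the slot from the live base afterwards. */
static long invoke(size_t extra, int cache_pointer, int *moved) {
    argstack s = {0};
    if (stack_push(&s, SELF)) return -1;    /* slot 0: invocant, later the return slot */
    unsigned gen_at_cache = s.gen;          /* moment the buggy code caches its pointer */
    for (size_t i = 0; i < extra; i++)      /* callback body extending the stack */
        if (stack_push(&s, 0)) { free(s.base); return -1; }
    *moved = (s.gen != gen_at_cache);
    if (!cache_pointer || !*moved)
        s.base[0] = PARSED;                 /* slot is valid: write the return value */
    /* else: the cached pointer targets freed memory. The write is modeled as
       lost and deliberately not performed, so the caller still sees SELF. */
    long seen = s.base[0];
    free(s.base);
    return seen;
}

int main(void) {
    int moved;
    printf("cached, small callback: %ld\n", invoke(1, 1, &moved));
    printf("cached, stack grew:     %ld\n", invoke(4, 1, &moved));
    printf("re-derived, stack grew: %ld\n", invoke(4, 0, &moved));
    return 0;
}
```
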

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-7111

Affected Products

Text::Csv Xs