PT-2026-39540 · Cpan · Xml-Libxml
Toddr · Published 2026-05-10 · Updated 2026-06-15 · CVE-2026-8177
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
XML::LibXML versions prior to 2.0211
Description
XML::LibXML for Perl reads out-of-bounds heap memory when parsing XML node names that contain truncated UTF-8 byte sequences. A node name ending in the middle of a multi-byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process passing attacker-controlled strings to DOM node-name methods can trigger this issue on the default API, likely resulting in a crash and denial of service.
Recommendations
Update to version 2.0211 or later.
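The condition described above (a name that ends in the middle of a multi-byte UTF-8 sequence) can be detected on untrusted input before it reaches any DOM call. The following is an added example, not code from this advisory or from the XML::LibXML project; the helper names `missing_utf8_tail_bytes` and `checked_node_name` are hypothetical, and it assumes node names arrive as raw octet strings.

```perl
use strict;
use warnings;
use Encode ();

# Number of bytes missing from a trailing multi-byte UTF-8 sequence in an
# octet string, or 0 when the string does not end mid-sequence.
sub missing_utf8_tail_bytes {
    my ($octets) = @_;
    my $len = length $octets;
    for my $back (1 .. 4) {
        last if $back > $len;
        my $byte = ord substr($octets, $len - $back, 1);
        next if ($byte & 0xC0) == 0x80;    # continuation byte: keep walking back
        my $need = $byte >= 0xF0 ? 4 : $byte >= 0xE0 ? 3 : $byte >= 0xC0 ? 2 : 1;
        return $need > $back ? $need - $back : 0;
    }
    return 0;
}

# Hypothetical helper: decode an untrusted octet string for use as a node
# name, or die. Strict 'UTF-8' decoding also rejects other malformed input.
sub checked_node_name {
    my ($octets) = @_;
    if (my $missing = missing_utf8_tail_bytes($octets)) {
        die "node name ends mid-sequence ($missing byte(s) missing)\n";
    }
    return Encode::decode('UTF-8', $octets,
        Encode::FB_CROAK() | Encode::LEAVE_SRC());
}

# Constructed sample inputs: complete names, and names cut inside the
# 3-byte sequence for U+20AC and the 4-byte sequence for U+1F600.
my @samples = (
    [ "price",             0 ],
    [ "price\xE2\x82\xAC", 0 ],
    [ "price\xE2\x82",     1 ],
    [ "price\xE2",         2 ],
    [ "item\xF0\x9F",      2 ],
);
for my $s (@samples) {
    my ($octets, $expected) = @$s;
    my $got = missing_utf8_tail_bytes($octets);
    die "unexpected result for sample\n" unless $got == $expected;
    my $ok = eval { checked_node_name($octets); 1 } ? "accepted" : "rejected";
    printf "%-18s missing=%d %s\n", unpack("H*", $octets), $got, $ok;
}
```

This is an input check at the application's trust boundary; the recommendation above to update to 2.0211 or later still applies.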
Fix
DoS
Out of bounds Read
Affected Products
Xml-Libxml