PT-2026-57822 · Perl · Perl

Published

2026-07-13

·

Updated

2026-07-14

·

CVE-2026-13221

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions Perl versions prior to 5.44
Description Incorrect regular expression matches occur when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl study chunk. A trie is a specialized tree-like data structure used for efficient retrieval of keys. In this case, the delta between the first branch and the shared tail is stored in a 16-bit field; when the branch count exceeds 65535, this field overflows, causing the match decision table to be truncated without warning. This leads to false positive matches and false negative matches, which can result in incorrect access or filtering decisions.
Recommendations Update to a version later than 5.43.9.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13221

Affected Products

Perl