CVE-2026-7111— Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7111
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption
Source: NVD (National Vulnerability Database)
Vulnerability Description
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead. Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
无效指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Text-CSV_XS 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Text-CSV_XS是CPAN Authors开源的一个CSV文件解析与生成工具。 Text-CSV_XS 1.62之前版本存在资源管理错误漏洞,该漏洞源于注册回调扩展Perl参数栈时存在释放后重用,可能导致类型混淆或内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HMBRAND | Text::CSV_XS | 0 ~ 1.62 | - |
II. Public POCs for CVE-2026-7111
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7111
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-825
- CVE-2026-34001
Xorg: xwayland: x.org x server: use-after-free vulnerability - CVE-2026-35094
Libinput: libinput: information disclosure via dangling poin - CVE-2026-5165
Virtio-win: virtio-win: memory corruption via use-after-free - CVE-2026-2436
Libsoup: libsoup: denial of service via use-after-free in so - CVE-2026-32873
ewe: Loop with Unreachable Exit Condition ('Infinite Loop')
V. Comments for CVE-2026-7111
No comments yet