CVE Catalog

CVE-2026-13593

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

A memory leak vulnerability in CSS::Minifier::XS for Perl before version 0.14 occurs when minifying a document containing only characters to be removed, such as comments and whitespace.

Risk Assessment

The memory leak can gradually exhaust system resources, potentially causing application or service crashes when processing many documents over time.

Recommendation

Immediately upgrade the CSS::Minifier::XS library to version 0.14 or later, which fixes this vulnerability.

Original NVD description (English source)

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS