Ghostwire

CVE-2026-13401: XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The...

NULL CVSS 2.5

Published: July 16, 2026 | Last Modified: July 16, 2026

Description

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can trigger this condition.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References