CVE-2026-8594
Text::LineFold Perl Module Line Break Handling Denial of Service
Publication date: 2026-05-30
Last updated on: 2026-05-30
Assigner: CPANSec
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unicode | linebreak | 2019.001 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
| CWE-405 | The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric." |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Text::LineFold versions through 2019.001 for Perl involves the module duplicating the output based on the number of special break characters in the input string.
Text::LineFold splits the input string by specific line break characters (such as VT, FF, and others) into segments, but incorrectly applies the break function to the entire string instead of just the individual segment.
This causes the full input to be duplicated for each segment, which is incorrect behavior and can lead to unexpected resource consumption.
How can this vulnerability impact me? :
The main impact of this vulnerability is that it can cause unexpected resource consumption due to the duplication of the entire input string for each segment.
This excessive resource usage can potentially lead to a denial of service (DoS) condition, where the system or application becomes unresponsive or crashes because of the overload.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs in the Text::LineFold Perl module versions through 2019.001, where the fold function duplicates the entire input string for each segment separated by special break characters. Detection involves identifying if your system uses this vulnerable version of the module.
To detect the vulnerability on your system, you can check the installed version of the Unicode-LineBreak distribution or the Text::LineFold module.
- Run the command `perl -MText::LineFold -e 'print $Text::LineFold::VERSION'` to check the installed version of Text::LineFold.
- Alternatively, check the Unicode-LineBreak distribution version with your package manager or by inspecting the module files.
If the version is 2019.001 or earlier, your system is vulnerable to this issue.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Text::LineFold module to a version that includes the fix for CVE-2026-8594.
The vulnerability was fixed by correcting the fold function to properly handle string segments without duplicating the entire input.
- Update the Unicode-LineBreak distribution to a version later than 2019.001 that contains the fix.
- Apply the patch from the official repository or source if an update is not immediately available.
Avoid using the vulnerable version in production environments until the fix is applied to prevent potential denial of service due to resource exhaustion.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.