๐Ÿ” CVE Alert

CVE-2026-13221

CRITICAL 9.1

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

CVSS Score
9.1
EPSS Score
0.2%
EPSS Percentile
11th

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.

CWE CWE-190
Vendor shay
Product perl
Published Jul 13, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for shay perl

Be the first to know when new critical vulnerabilities affecting shay perl are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

SHAY / perl
0 โ‰ค 5.43.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/Perl/perl5/commit/03f74bbbd3a68350d926ee93d56ee4808c28c4c7.patch github.com: https://github.com/Perl/perl5/issues/23388 openwall.com: http://www.openwall.com/lists/oss-security/2026/07/13/5