CVE-2026-57073
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.
| CWE | CWE-125 |
| Vendor | codechild |
| Product | html::bare |
| Published | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for codechild html::bare
Be the first to know when new unknown vulnerabilities affecting codechild html::bare are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
CODECHILD / HTML::Bare
0 โค 0.04