๐Ÿ” CVE Alert

CVE-2026-57076

UNKNOWN 0.0

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor. In the bundled libsyck an anchor name allocated by syck_strndup is stored both as node->anchor, freed when the node is freed, and as the key in the parser's anchors table. Freeing the node frees the shared key, and a later anchor redefinition makes st_delete compare against the freed key, so st_strcmp reads freed heap memory. Anchors are a standard YAML feature and need no special flags, so this is reached on the default Load path. Any caller that runs Load or LoadFile on an untrusted document that redefines an anchor reaches the read of freed memory.

CWE CWE-416
Vendor toddr
Product yaml::syck
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for toddr yaml::syck

Be the first to know when new unknown vulnerabilities affecting toddr yaml::syck are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

TODDR / YAML::Syck
0 < 1.47

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
metacpan.org: https://metacpan.org/release/TODDR/YAML-Syck-1.47/changes github.com: https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b.patch