CVE-2026-13593: CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away
Robert Rothenberg 29 Jun 2026 19:41 UTC
========================================================================
CVE-2026-13593 CPAN Security Group
========================================================================
CVE ID: CVE-2026-13593
Distribution: CSS-Minifier-XS
Versions: before 0.14
MetaCPAN: https://metacpan.org/dist/CSS-Minifier-XS
VCS Repo: https://github.com/bleargh45/CSS-Minifier-XS
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when
the entire document is minified away
Description
-----------
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when
the entire document is minified away.
The minify function has a memory leak when processing a document
containing only characters to be removed, such as comments and
whitespace.
Problem types
-------------
- CWE-401 Missing Release of Memory after Effective Lifetime
Solutions
---------
Upgrade to CSS::Minifier::XS version 0.14 or later.
References
----------
https://metacpan.org/release/GTERMARS/CSS-Minifier-XS-0.14/changes
