CVE-2026-13221: Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

Overview

Severity
Medium (CVSS 4)
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploit Status
Not Exploited
Patch Tuesday
2026-Jul
Released
2026-07-15
EPSS Score
0.21% (percentile: 10.8%)

Affected Products (1)

Other

  • 21504-17084

Revision History

  • 2026-07-15: Information published.