CVE-2026-13593
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
A memory leak vulnerability in CSS::Minifier::XS for Perl before version 0.14 occurs when minifying a document containing only characters to be removed, such as comments and whitespace.
Risk Assessment
The memory leak can gradually exhaust system resources, potentially causing application or service crashes when processing many documents over time.
Recommendation
Immediately upgrade the CSS::Minifier::XS library to version 0.14 or later, which fixes this vulnerability.
Original NVD description (English source)
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace.

