Vulnerability in Oalders Http::date

CVE-2026-14741

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse_date. parse_date() matches the date string against a chain of alternative regexes, and str2time() delegates to it. Several of these p…

Vulnerability class: ReDoS (Regular Expression Denial of Service)

Affected products

Weakness classification (CWE)

References