CVE-2026-49342: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in lsegal yard
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache-secret.html` is joined against that root and can return a readable sibling `.html` file outside the intended static tree. Version 0.9.44 patches the issue.
AI Analysis
Technical Summary
CVE-2026-49342 describes a path traversal vulnerability in YARD before version 0.9.44. The static cache lookup mechanism processes the request path prior to the router's path normalization, enabling an attacker to craft traversal paths (e.g., '/../yard-cache-secret.html') that bypass the intended document root restrictions. This allows unauthorized reading of sibling .html files outside the static content tree. The issue is addressed by a patch in YARD version 0.9.44.
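The pattern the advisory describes, joining a raw request path onto the document root before any path cleanup, is easy to reproduce in a few lines, and so is the check that closes it. The following Ruby script is an added illustration, not YARD's code: `unsafe_static_lookup` models the flaw class (raw join, no containment check), `safe_static_lookup` normalises the path first and then requires the resolved file to sit under the root. The temporary directory layout, the file names and all function names are constructed for the example.

```ruby
require "fileutils"
require "tmpdir"

# Constructed sample tree (not a real YARD install):
#   <base>/docroot/index.html        -- inside the static tree
#   <base>/yard-cache-secret.html    -- sibling outside the tree
def build_sample_tree(base)
  docroot = File.join(base, "docroot")
  FileUtils.mkdir_p(docroot)
  File.write(File.join(docroot, "index.html"), "<h1>public</h1>")
  File.write(File.join(base, "yard-cache-secret.html"), "<h1>secret</h1>")
  docroot
end

# Weak pattern (illustrative model of the advisory's flaw class): the request
# path is joined onto the root as-is, so "/../yard-cache-secret.html" resolves
# to a sibling of the docroot and the ".html" filter alone does not stop it.
def unsafe_static_lookup(docroot, request_path)
  candidate = File.join(docroot, request_path)
  return nil unless request_path.end_with?(".html") && File.file?(candidate)
  File.read(candidate)
end

# Hardened pattern: normalise first, then insist the resolved path lies under
# the root. The prefix check includes a trailing separator so that a sibling
# directory such as "docroot-other" cannot match "docroot".
def safe_static_lookup(docroot, request_path)
  root = File.expand_path(docroot)
  resolved = File.expand_path(request_path.sub(%r{\A/+}, ""), root)
  return nil unless resolved.start_with?(root + File::SEPARATOR)
  return nil unless resolved.end_with?(".html") && File.file?(resolved)
  File.read(resolved)
end

# Run both lookups over the same requests and return what each one served,
# so the difference between the two behaviours is visible side by side.
def compare_lookups
  Dir.mktmpdir do |base|
    docroot = build_sample_tree(base)
    ["/index.html", "/../yard-cache-secret.html"].map do |req|
      { request: req,
        unsafe: unsafe_static_lookup(docroot, req),
        safe: safe_static_lookup(docroot, req) }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_lookups.each { |row| puts row.inspect }
end
```

When run, the unsafe lookup serves the sibling file for the traversal request while the hardened lookup returns `nil` for it and still serves `/index.html`. The containment check is the part worth carrying into a code review of any static-file handler: normalise, then compare against the root with its separator, and only then touch the filesystem.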
Potential Impact
An attacker can read files outside the intended static directory by exploiting the path traversal flaw, potentially exposing sensitive documentation or cached HTML files. The vulnerability does not allow modification or denial of service, only unauthorized read access to files accessible by the server process.
Mitigation Recommendations
Upgrade YARD to version 0.9.44 or later, which patches the path traversal. No other mitigation is indicated; the official fix addresses the root cause.
CVSS v3.1
Score: 5.3 (Medium)
Affected software
Weaknesses
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-29T14:35:45.903Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a359d6df198dc38c12203a6
Added to database: 6/19/2026, 7:50:05 PM
Last enriched: 6/19/2026, 8:05:41 PM
Last updated: 6/20/2026, 12:06:29 AM