Threats Tagged 'cve-2026-41316'

View all threats tagged with 'cve-2026-41316'. Filter and sort to focus on specific types of threats.

Red Hat Security Advisory: ruby4.0 security update (CVE-2026-33210)

Red Hat has issued a security advisory for ruby4.0 addressing two vulnerabilities: CVE-2026-33210, a format string injection in Ruby JSON that can lead to denial of service or information disclosure, and CVE-2026-41316, an arbitrary code execution vulnerability via deserialization bypass in ERB. These issues affect multiple Red Hat Enterprise Linux 10 variants and related products. The advisory rates the security impact as Important (high severity). Red Hat has released updated ruby4.0 packages to remediate these vulnerabilities. Users of affected Red Hat Enterprise Linux 10 systems should apply the provided updates to mitigate these risks. No known exploits in the wild have been reported at this time.

Ruby and Ruby on Rails (erb gem): Vulnerability allows code execution (CVE-2026-41316)

Ruby is an interpreted, object-oriented scripting language. Ruby on Rails is an open-source web application framework written in the Ruby programming language.

Red Hat Security Advisory: ruby:4.0 security update (CVE-2026-33210)

This advisory addresses two security vulnerabilities in Ruby 4.0 as packaged for Red Hat Enterprise Linux 9. The first vulnerability (CVE-2026-33210) involves a format string injection in the Ruby JSON module that could lead to denial of service or information disclosure. The second vulnerability (CVE-2026-41316) affects the ERB module and allows arbitrary code execution via a deserialization bypass. Red Hat has released an important security update rebasing Ruby 4.0 to the latest release to fix these issues. The update is available for multiple architectures and Red Hat Enterprise Linux variants. No known exploits in the wild have been reported. Users should apply the update as directed by Red Hat to remediate these vulnerabilities.

CVE-2026-41316: CWE-693: Protection Mechanism Failure in ruby erb

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.
