PatchSiren cyber security CVE debrief

CVE-2026-41316 ruby CVE debrief

CVE-2026-41316 is a high-severity vulnerability in the Ruby ERB templating library. It was introduced in Ruby 2.7.0 and affects ERB versions prior to 2.2.0. Exploitation requires a Ruby application that has ERB loaded and calls Marshal.load on untrusted data; the deserialized object reaches the ERB#def_module method and yields code execution. The vulnerability carries a CVSS score of 8.1 (high). It was publicly disclosed on April 24, 2026, and has been fixed in ERB versions 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4.

Vendor: ruby
Product: erb
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-24
Original CVE updated: 2026-06-30
Advisory published: 2026-04-24
Advisory updated: 2026-06-30

Who should care

Developers and administrators running Ruby applications that use the ERB templating library should be aware of this vulnerability. Security teams and vulnerability management staff should prioritize patching and mitigating it in their environments. Red Hat users should review the provided errata and apply the corresponding updates.

Technical summary

The root cause is that the ERB#def_module, ERB#def_method, and ERB#def_class methods do not properly validate their input, so an object restored by Marshal.load can drive them into executing attacker-controlled code. Exploitation therefore requires a Ruby application that has ERB loaded and calls Marshal.load on untrusted data. The vulnerability has a CVSS score of 8.1 (high), with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-693 (protection mechanism failure) and CWE-502 (deserialization of untrusted data).

Defensive priority

Patching and mitigating this vulnerability in Ruby applications that use ERB should be treated as high priority. Developers should upgrade to the fixed ERB release for their branch: 4.0.3.1, 4.0.4.1, 6.0.1.1, or 6.0.4.

Recommended defensive actions

  • Upgrade ERB to 4.0.3.1, 4.0.4.1, 6.0.1.1, or 6.0.4, whichever matches the branch in use.
  • Do not call Marshal.load on data from untrusted sources; restrict its use to trusted, internally generated data and prefer a data-only format such as JSON for external input.
  • Add input validation and sanitization around any remaining deserialization path so untrusted objects cannot reach ERB.
  • Monitor Ruby applications for suspicious activity, and enable logging and auditing of deserialization calls to detect attempted exploitation.
  • Review and update vulnerability management processes so that issues like CVE-2026-41316 are patched and mitigated promptly.
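The following Ruby script is an added example, not code from PatchSiren or the ERB project. It puts two of the actions above into practice: a check of an installed ERB version against the fixed releases named in this debrief, and a guard that blocks Marshal.load unless the caller has explicitly marked the input as trusted, logging every blocked call so deserialization of untrusted data becomes visible. The version check assumes that releases newer than 6.0.4 also carry the fix.

```ruby
require 'rubygems'
require 'logger'

# Fixed ERB releases named in the advisory.
ERB_FIXED_VERSIONS = %w[4.0.3.1 4.0.4.1 6.0.1.1 6.0.4]
  .map { |v| Gem::Version.new(v) }.freeze

# True when the given ERB version is one of the fixed releases or newer than
# the latest fixed release (assumption: later releases keep the fix).
def erb_patched?(version_string)
  v = Gem::Version.new(version_string)
  ERB_FIXED_VERSIONS.include?(v) || v >= ERB_FIXED_VERSIONS.max
end

# Guard state: Marshal.load is refused unless wrapped in with_trusted_input.
module MarshalGuard
  class BlockedError < StandardError; end
  @allowed = false
  @log = Logger.new($stderr)

  class << self
    attr_accessor :log

    def allowed?
      @allowed
    end

    # Run a block in which Marshal.load is permitted (trusted, internal data only).
    def with_trusted_input
      previous, @allowed = @allowed, true
      yield
    ensure
      @allowed = previous
    end
  end
end

# Intercept Marshal.load (and its alias Marshal.restore) process-wide.
module Marshal
  class << self
    alias_method :load_unguarded, :load

    def load(*args, **opts)
      unless MarshalGuard.allowed?
        MarshalGuard.log.warn("Marshal.load blocked; caller: #{caller(1, 1).first}")
        raise MarshalGuard::BlockedError, 'Marshal.load on data not marked trusted'
      end
      opts.empty? ? load_unguarded(*args) : load_unguarded(*args, **opts)
    end
    alias_method :restore, :load
  end
end
```

Loading this file early (for example from an initializer) makes any stray Marshal.load on request data fail loudly and leave a log line, while code paths that genuinely need it can opt in with MarshalGuard.with_trusted_input.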

Evidence notes

CVE-2026-41316 was publicly disclosed on April 24, 2026, and has been fixed in ERB versions 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4. It has a CVSS score of 8.1 (high). Red Hat has published errata for affected systems; users should review and apply those updates as needed.

Official resources

This article was generated with AI assistance based on the supplied source corpus.