PatchSiren cyber security CVE debrief
CVE-2026-41316 ruby CVE debrief
CVE-2026-41316 is a high-severity vulnerability in the Ruby ERB templating system. The vulnerability was introduced in Ruby 2.7.0 and affects ERB versions prior to 2.2.0. An attacker can exploit this vulnerability by triggering Marshal.load on untrusted data in a Ruby application that has ERB loaded, allowing for code execution via the ERB#def_module method. This vulnerability has a CVSS score of 8.1 and is considered high severity. The vulnerability was publicly disclosed on April 24, 2026, and has since been patched in ERB versions 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4.
- Vendor: ruby
- Product: erb
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-24
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-24
- Advisory updated: 2026-06-30
Who should care
Developers and administrators running Ruby applications that use the ERB templating system should be aware of this vulnerability. Security teams and vulnerability management professionals should prioritize patching and mitigating it in their environments. Red Hat users should review the provided errata and take the necessary actions to patch their systems.
Technical summary
The vulnerability is caused by a lack of proper input validation in the ERB#def_module, ERB#def_method, and ERB#def_class methods. An attacker can exploit it by causing a Ruby application that has ERB loaded to call Marshal.load on untrusted data, which can lead to code execution. The vulnerability has a CVSS score of 8.1 and is considered high severity. Its CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The associated weaknesses are CWE-693 and CWE-502.
Defensive priority
High priority should be given to patching and mitigating this vulnerability in Ruby applications that use the ERB templating system. Developers should ensure that ERB version 4.0.3.1, 4.0.4.1, 6.0.1.1, or 6.0.4 is in use to prevent exploitation.
Recommended defensive actions
- Apply patches to upgrade ERB to versions 4.0.3.1, 4.0.4.1, 6.0.1.1, or 6.0.4.
- Restrict access to Marshal.load to prevent exploitation.
- Implement additional security controls, such as input validation and sanitization, to prevent code execution.
- Monitor Ruby applications for suspicious activity and implement logging and auditing to detect potential exploitation.
- Review and update vulnerability management processes to ensure timely patching and mitigation of vulnerabilities like CVE-2026-41316.
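The two actions that do not depend on waiting for a package update are restricting where Marshal.load can run and finding the call sites that reach it. The Ruby snippet below is an added example written for this debrief, not code from the ERB project or from the advisory: it rejects any untrusted blob that carries the Marshal 4.8 stream header (the "\x04\x08" prefix that Marshal.dump always emits) and accepts only JSON, which instantiates no arbitrary objects, and it includes a small source audit that lists Marshal.load / Marshal.restore call sites so they can be reviewed. The helper names and the sample source text are constructed for the example.

```ruby
require 'json'

# Marshal.dump prefixes every stream with major/minor version bytes 4 and 8.
MARSHAL_MAGIC = "\x04\x08".b.freeze

# True if the blob looks like a Marshal stream rather than JSON, form data, etc.
def marshal_stream?(blob)
  blob.to_s.b.start_with?(MARSHAL_MAGIC)
end

class UntrustedSerializedData < StandardError; end

# Parse data that arrives from an untrusted boundary (cookie, queue message,
# API body). Refuses Marshal streams outright and parses JSON without
# create_additions, so no Ruby class is instantiated from the payload.
def load_untrusted(blob)
  if marshal_stream?(blob)
    raise UntrustedSerializedData, 'refusing to Marshal.load untrusted input'
  end
  JSON.parse(blob, create_additions: false)
end

# Audit helper (constructed for this example): report each line of Ruby source
# that calls Marshal.load or Marshal.restore, skipping commented-out lines.
MARSHAL_LOAD_RE = /\bMarshal\s*\.\s*(load|restore)\b/

def find_marshal_loads(source, path: '(constructed)')
  source.each_line.with_index(1).filter_map do |line, no|
    next if line.strip.start_with?('#')
    next unless line.match?(MARSHAL_LOAD_RE)
    { path: path, line: no, text: line.strip }
  end
end

# Constructed sample source, as it might appear in an application under review.
SAMPLE_SOURCE = <<~'RUBY'
  class SessionStore
    def read(cookie)
      # Marshal.load(cookie) was the old implementation
      Marshal.load(Base64.decode64(cookie))
    end

    def read_cache(key)
      Marshal.restore(@redis.get(key))
    end

    def read_json(body)
      JSON.parse(body)
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  find_marshal_loads(SAMPLE_SOURCE, path: 'app/session_store.rb').each do |hit|
    puts "#{hit[:path]}:#{hit[:line]}: #{hit[:text]}"
  end
  puts load_untrusted('{"user_id": 42}').inspect
  begin
    load_untrusted(Marshal.dump(['not', 'allowed']))
  rescue UntrustedSerializedData => e
    puts "blocked: #{e.message}"
  end
end
```

The header check is a coarse but cheap gate: it does not make Marshal.load safe, it keeps Marshal data from reaching it at all on the untrusted path. Wherever the audit finds a call site that reads data an external party can influence, the fix is to move that path onto JSON (or another format with no object-instantiation semantics) rather than to filter the Marshal stream.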
Evidence notes
The CVE-2026-41316 vulnerability was publicly disclosed on April 24, 2026, and has since been patched in ERB versions 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4. The vulnerability has a CVSS score of 8.1 and is considered high severity. Red Hat has provided errata for affected systems, and users should review and apply these patches as necessary.
Official resources
- CVE-2026-41316 CVE record (CVE.org)
- CVE-2026-41316 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.