CVE-2026-41316
Description
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an @_init instance variable guard in ERB#result and ERB#run to prevent code execution when an ERB object is reconstructed via Marshal.load (deserialization). However, three other public methods that also evaluate @src via eval() were not given the same guard: ERB#def_method, ERB#def_module, and ERB#def_class. An attacker who can trigger Marshal.load on untrusted data in a Ruby application that has erb loaded can use ERB#def_module (zero-arg, default parameters) as a code execution sink, bypassing the @_init protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| erb (RubyGems) | < 4.0.3.1 | 4.0.3.1 |
| erb (RubyGems) | >= 4.0.4, < 4.0.4.1 | 4.0.4.1 |
| erb (RubyGems) | >= 5.0.0, < 6.0.1.1 | 6.0.1.1 |
| erb (RubyGems) | >= 6.0.2, < 6.0.4 | 6.0.4 |
Affected products
67 package coordinates (OSV). No CPE identifiers are attached to these entries; each row gives the package URL and the version range recorded as affected.
| Package (PURL) | Affected range |
|---|---|
| pkg:apk/chainguard/jruby-9.4 | < 9.4.15.0-r0 |
| pkg:apk/chainguard/logstash-9.3 | < 9.3.4-r2 |
| pkg:apk/chainguard/logstash-9.3-iamguarded-compat | < 9.3.4-r2 |
| pkg:apk/chainguard/logstash-fips-9.3 | < 9.3.4-r0 |
| pkg:apk/chainguard/logstash-fips-9.3-iamguarded-compat | < 9.3.4-r0 |
| pkg:apk/chainguard/ruby3.2-rails-7.2 | < 7.2.3.1-r2 |
| pkg:apk/chainguard/ruby3.2-rails-8.0 | < 8.0.5-r1 |
| pkg:apk/chainguard/ruby3.2-rails-8.1 | < 8.1.3-r3 |
| pkg:apk/chainguard/ruby3.3-rails-7.2 | < 7.2.3.1-r3 |
| pkg:apk/chainguard/ruby3.3-rails-8.0 | < 8.0.5-r2 |
| pkg:apk/chainguard/ruby3.3-rails-8.1 | < 8.1.3-r4 |
| pkg:apk/chainguard/ruby3.4-rails-7.2 | < 7.2.3.1-r3 |
| pkg:apk/chainguard/ruby3.4-rails-8.0 | < 8.0.5-r2 |
| pkg:apk/chainguard/ruby3.4-rails-8.1 | < 8.1.3-r3 |
| pkg:apk/chainguard/ruby-4.0 | < 4.0.3-r0 |
| pkg:apk/chainguard/ruby4.0-rails-7.2 | < 7.2.3.1-r3 |
| pkg:apk/chainguard/ruby4.0-rails-8.0 | < 8.0.5-r2 |
| pkg:apk/chainguard/ruby4.0-rails-8.1 | < 8.1.3-r4 |
| pkg:apk/chainguard/truffleruby | < 34.0.1-r2 |
| pkg:apk/wolfi/jruby-9.4 | < 9.4.15.0-r0 |
| pkg:apk/wolfi/logstash-9.3 | < 9.3.4-r2 |
| pkg:apk/wolfi/logstash-9.3-iamguarded-compat | < 9.3.4-r2 |
| pkg:apk/wolfi/ruby3.2-rails-8.0 | < 8.0.5-r1 |
| pkg:apk/wolfi/ruby3.2-rails-8.1 | < 8.1.3-r3 |
| pkg:apk/wolfi/ruby3.3-rails-8.0 | < 8.0.5-r2 |
| pkg:apk/wolfi/ruby3.3-rails-8.1 | < 8.1.3-r4 |
| pkg:apk/wolfi/ruby3.4-rails-8.0 | < 8.0.5-r2 |
| pkg:apk/wolfi/ruby3.4-rails-8.1 | < 8.1.3-r3 |
| pkg:apk/wolfi/ruby-4.0 | < 4.0.3-r0 |
| pkg:apk/wolfi/ruby4.0-rails-8.1 | < 8.1.3-r4 |
| pkg:gem/erb | < 4.0.3.1 |
| pkg:rpm/almalinux/ruby | < 3.3.10-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/ruby4.0 | < 4.0.3-34.el10_2 |
| pkg:rpm/almalinux/ruby4.0-devel | < 4.0.3-34.el10_2 |
| pkg:rpm/almalinux/ruby4.0-doc | < 4.0.3-34.el10_2 |
| pkg:rpm/almalinux/ruby4.0-rubygem-mysql2 | < 0.5.7-34.el10_2 |
| pkg:rpm/almalinux/ruby4.0-rubygem-pg | < 1.6.3-34.el10_2 |
| pkg:rpm/almalinux/ruby-bundled-gems | < 3.3.10-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/ruby-default-gems | < 3.3.10-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/ruby-devel | < 3.3.10-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/ruby-doc | < 3.3.10-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-abrt | < 0.4.0-1.module_el8.10.0+3799+191214cc |
| pkg:rpm/almalinux/rubygem-abrt-doc | < 0.4.0-1.module_el8.10.0+3799+191214cc |
| pkg:rpm/almalinux/rubygem-bigdecimal | < 3.1.5-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-bundler | < 2.5.22-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-io-console | < 0.7.1-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-irb | < 1.13.1-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-json | < 2.7.2-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-minitest | < 5.20.0-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-mysql2 | < 0.5.5-3.module_el9.7.0+184+e2e36072 |
| pkg:rpm/almalinux/rubygem-mysql2-doc | < 0.5.5-3.module_el9.7.0+184+e2e36072 |
| pkg:rpm/almalinux/rubygem-pg | < 1.5.4-2.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-pg-doc | < 1.5.4-2.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-power_assert | < 2.0.3-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-psych | < 5.1.2-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-racc | < 1.7.3-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-rake | < 13.1.0-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-rbs | < 3.4.0-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-rdoc | < 6.6.3.1-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-rexml | < 3.4.4-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-rss | < 0.3.1-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygems | < 3.5.22-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygems-devel | < 3.5.22-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-test-unit | < 3.6.1-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/rubygem-typeprof | < 0.21.9-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/almalinux/ruby-libs | < 3.3.10-6.module_el9.7.0+245+447713a2 |
| pkg:rpm/opensuse/ruby4.0&distro=openSUSE%20Tumbleweed | < 4.0.3-1.1 |