High severity 7.5 · GHSA Advisory · Published May 8, 2026 · Updated May 12, 2026
CVE-2026-41493
Description
YARD is a Ruby documentation tool. Versions prior to 0.9.42 contain a path traversal vulnerability that applies when `yard server` is used to serve documentation. Under certain conditions, unsanitized HTTP requests could access arbitrary files on the machine hosting `yard server`. This issue has been patched in version 0.9.42.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| yard (RubyGems) | < 0.9.42 | 0.9.42 |
References
- github.com/advisories/GHSA-3jfp-46x4-xgfj (ghsa; ADVISORY)
- github.com/lsegal/yard/security/advisories/GHSA-3jfp-46x4-xgfj (nvd; Mitigation, Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-41493 (ghsa; ADVISORY)
- github.com/lsegal/yard/releases/tag/v0.9.42 (nvd; Product, Release Notes; WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2026-41493.yml (ghsa; WEB)