
Ruby ERB CVE-2026-41316

EUVD-2026-25385 | Severity: HIGH
Protection Mechanism Failure (CWE-693)
2026-04-24 | GitHub_M | GHSA-q339-8rmv-2mhv
CVSS 3.1 base score: 8.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (7 events)

Apr 29, 2026 20:56 (nvd): Patch released; status: Patch available
Apr 24, 2026 14:52 (vuln.today): Re-analysis Queued (cvss_changed); status: Patch available
Apr 24, 2026 05:31 (EUVD): Analysis Generated
Apr 24, 2026 03:32 (vuln.today): EUVD ID Assigned
Apr 24, 2026 03:00 (euvd): EUVD-2026-25385
Apr 24, 2026 03:00 (vuln.today): Analysis Generated
Apr 24, 2026 02:35 (nvd): CVE Published; severity HIGH 8.1

Description (NVD)

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an @_init instance variable guard in ERB#result and ERB#run to prevent code execution when an ERB object is reconstructed via Marshal.load (deserialization). However, three other public methods that also evaluate @src via eval() were not given the same guard: ERB#def_method, ERB#def_module, and ERB#def_class. An attacker who can trigger Marshal.load on untrusted data in a Ruby application that has erb loaded can use ERB#def_module (zero-arg, default parameters) as a code execution sink, bypassing the @_init protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.

Analysis (AI-generated)

Remote code execution in the Ruby ERB library via unsafe deserialization allows unauthenticated attackers to execute arbitrary code by exploiting incomplete protection in Marshal.load workflows. While ERB 2.2.0+ added guards to prevent code execution during deserialization in the result() and run() methods, the def_module(), def_method(), and def_class() methods remained unprotected, enabling attackers to bypass the @_init safeguard. …


Remediation (AI-generated)

Within 24 hours: Identify all Ruby applications using ERB and determine which use Marshal.load or similar deserialization on untrusted data, specifically focusing on def_module(), def_method(), or def_class() calls. Within 7 days: Implement input validation to reject or sanitize Marshal-serialized data; apply strict deserialization controls using permitted_classes parameters where available; isolate affected services where possible. …


Vendor Status (Vendor)

CVE-2026-41316 vulnerability details – vuln.today
