cyberLOW2026-04-24 03:16 UTC

CVE-2026-41316 - ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

CVE ID :CVE-2026-41316 Published : April 24, 2026, 3:16 a.m. | 36 minutes ago Description :ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution whe

ORIGINAL SOURCE →via CVE Feed Latest

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
[CYBER] Ransomware Gang Unveils Custom Data-Theft Tool
[CYBER] Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
[CYBER] Tanzania: Dar es Salaam Leads As 518 People Reportedly Dead During Oct 29 Unrest
[CYBER] Bitwarden CLI Compromised After Malicious GitHub Actions Workflow
[CYBER] CVE-2026-41309 - Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing

Editorial policy · Report a correction