This vulnerability (CVE-2026-41316, CVSS 8.1 High) in Ruby's ERB templating engine allows arbitrary code execution via a deserialization bypass. The article states the update is for Ruby on RHEL 9, but specific affected and fixed version numbers are not provided in the text; the NVD data does not contain version information either. Red Hat has released patched packages, and administrators should apply the update referenced as RHSA-2026:18039 to their affected RHEL 9 systems.
Red Hat Product Errata RHSA-2026:18039 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18039 - Security Advisory Overview Updated Packages Synopsis Important: ruby security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2461369 - CVE-2026-41316 erb: ERB: Arbitrary code execution via deserialization bypass CVEs CVE-2026-41316 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM ruby-3.0.7-166.el9_7.src.rpm SHA-256: bb74b4f0822b4049bbc61fe7dca1a8721821534ef8a01418e2a85503e170ade6 x86_64 ruby-3.0.7-166.el9_7.i686.rpm SHA-256: 0917737cecbfded58fdd6c1361aef045a5eb4cc8836cb982dd030cfa9e0e9bea ruby-3.0.7-166.el9_7.x86_64.rpm SHA-256: 5baeae3f02924522e191c2664749529b73add77dec6ff5ff4fde17b1767c28f3 ruby-debuginfo-3.0.7-166.el9_7.i686.rpm SHA-256: 90a27c12535bd6bfbff3f6969657d2dbc146e21ddea02e6f19376718ed255623 ruby-debuginfo-3.0.7-166.el9_7.x86_64.rpm SHA-256: 4d63d4a9fd1006d7286473c87f6e0fa95d25808cc0cd423ff5cacc54cdd8c81a ruby-debugsource-3.0.7-166.el9_7.i686.rpm SHA-256: 1a7bcb8c221202a39290a0fd44f49dd5493873c8a64c87ee99348860a4a4ad02 ruby-debugsource-3.0.7-166.el9_7.x86_64.rpm SHA-256: da4409034b96d3645818af454ff2de6495e5ecbb37a3078fd87ff69c426aac6a ruby-default-gems-3.0.7-166.el9_7.noarch.rpm SHA-256: 0572f593d8335d19af1ab8f63195e48014961cdbbe263b22895ccf24e55a2713 ruby-devel-3.0.7-166.el9_7.i686.rpm SHA-256: db5249b2c6992cd6585c550557774d13f43f877b3bd06e10d35267235b83583b ruby-devel-3.0.7-166.el9_7.x86_64.rpm SHA-256: 7f444bc155a4a1ed6c4132981dc0e5af7e5a89136b3cc3e6bf2853bebc58b6b8 ruby-libs-3.0.7-166.el9_7.i686.rpm SHA-256: 56b4f95bbcc2e0df199e9678d181ca6eafcbfd8ade8066e81e618ad3bd3b5291 ruby-libs-3.0.7-166.el9_7.x86_64.rpm SHA-256: 487d41639f60b5cc55118a57eee44c7a146613352de5303a6953710f443ce5a7 ruby-libs-debuginfo-3.0.7-166.el9_7.i686.rpm SHA-256: e1a617ddb2790c4270838d2df4f80f94d85d3b7073e866e2e4beb62b9c70aa72 ruby-libs-debuginfo-3.0.7-166.el9_7.x86_64.rpm SHA-256: 7bd5230c441292d21f867d8719d4f23b193a144c4f3c728a7d67175d448a757e rubygem-bigdecimal-3.0.0-166.el9_7.x86_64.rpm SHA-256: 78aba1fb6c7615dfee1ea0d196c1a7c5547b8060b078ee6b2ffd86e4cf9b8ed0 rubygem-bigdecimal-debuginfo-3.0.0-166.el9_7.i686.rpm SHA-256: 7526d737c55a06ab9745db9002de45a59f092cfc16bbb397fa6ddaed3b988c3c rubygem-bigdecimal-debuginfo-3.0.0-166.el9_7.x86_64.rpm SHA-256: 0205ab76b4ada0c35014d47c04cb8d8b86c5e4211b75fee9beb07580495003bb rubygem-bundler-2.2.33-166.el9_7.noarch.rpm SHA-256: e4604bf03e73d3373a0556282106f8581a0a2487dc45fd4e2496df35480b8ec5 rubygem-io-console-0.5.7-166.el9_7.x86_64.rpm SHA-256: c9808e07ffbfeee30f4c73a36bd4c33bdc00c5c243075bfdcc6ddd0cdcd2eb26 rubygem-io-console-debuginfo-0.5.7-166.el9_7.i686.rpm SHA-256: 5de9d3a525ba7556774a9b67dc4eaa5f2c1c7398b917beb61eceb382686222d4 rubygem-io-console-debuginfo-0.5.7-166.el9_7.x86_64.rpm SHA-256: b660f7927b259c637c481f0ae118f53e9c8780ff8c4eee01a7997614254cda7b rubygem-irb-1.3.5-166.el9_7.noarch.rpm SHA-256: 001dd0b8f993258bc0f493b84be809a1cf6b921c285f7f03bc8e5877442edaa1 rubygem-json-2.5.1-166.el9_7.x86_64.rpm SHA-256: 96134f3c1b4734a74797cf8b9f72c828118bb4538d9fffc958ff90ec67d0d3b1 rubygem-json-debuginfo-2.5.1-166.el9_7.i686.rpm SHA-256: 4ae88a16593891ebede912d843fab5ec24f4eb04fe67beb1773bf4ffa5c8a702 rubygem-json-debuginfo-2.5.1-166.el9_7.x86_64.rpm SHA-256: fd5fe7bb229c291ac428bc7630e1519f6cb0af5ed876327c63e1ffa6931c05f0 rubygem-minitest-5.14.2-166.el9_7.noarch.rpm SHA-256: c19fc5492004a55c43f4705f695b9dc91bd10530313b845dae7a36fd0f94a0d3 rubygem-power_assert-1.2.1-166.el9_7.noarch.rpm SHA-256: 0fb985f0321c0139fc6cdf77e5d65d48c417266c3d83d025dd6d14805a13476a rubygem-psych-3.3.2-166.el9_7.x86_64.rpm SHA-256: 391245de0bde3e8b0f7ad37ed28c13555ba76354996c3e73d4d044cd3ebc2081 rubygem-psych-debuginfo-3.3.2-166.el9_7.i686.rpm SHA-256: 7a100d3ef55d635af221505be9b197dc7f58f21f45946daf1a1593338d9c5be4 rubygem-psych-debuginfo-3.3.2-166.el9_7.x86_64.rpm SHA-256: 36ac1ef4825eef79a385df52fad2ea07de13676809a3dd7f4de7a64023690f34 rubygem-rake-13.0.3-166.el9_7.noarch.rpm SHA-256: 91863c84f30574ca4123c6bd8b970bdf2f910f5cf445c91f56e2c1edbbe6a04b rubygem-rbs-1.4.0-166.el9_7.noarch.rpm SHA-256: f65051cf03cd98e3cfd0ee8769ff0bc96b4326d7c9579f36edce0adae2ee6798 rubygem-rdoc-6.3.4.1-166.el9_7.noarch.rpm SHA-256: 642491826226835ddb8da9930bcc369d28cd0dd8ed119ef974e3c37437dac14e rubygem-rexml-3.2.5-166.el9_7.noarch.rpm SHA-256: a2b77354956a78a143c56e4e995c5be4632bbabb410a64c4aea6785cfcde75fe rubygem-rss-0.2.9-166.el9_7.noarch.rpm SHA-256: 8885e67bde718f37b61b1517e80253b403e07eb6daab19fa72f57f2f7a243a20 rubygem-test-unit-3.3.7-166.el9_7.noarch.rpm SHA-256: 717cdc41f738d319335b49d6d96aee3cc963bb2c71c49b30c40c4e2504c25d5b rubygem-typeprof-0.15.2-166.el9_7.noarch.rpm SHA-256: 9a4717223c71db3cc7111174b86c188862556bc1fee67d33b2faf944b896164c rubygems-3.2.33-166.el9_7.noarch.rpm SHA-256: 42ff4b2d0c5283abd2c86d8691bdbb68370b81e6cc30bc50747ceb3bb8cd1ecf rubygems-devel-3.2.33-166.el9_7.noarch.rpm SHA-256: ed142e00bb4066e0c3d3eb42ad5afc3e12108d21e122515544fcc3f05960f806 Red Hat Enterprise Linux for IBM z Systems 9 SRPM ruby-3.0.7-166.el9_7.src.rpm SHA-256: bb74b4f0822b4049bbc61fe7dca1a8721821534ef8a01418e2a85503e170ade6 s390x ruby-3.0.7-166.el9_7.s390x.rpm SHA-256: c9ea479597b29fee7655fa679fd19decdedcdf5f900855cdc15cf7ca8ce6355d ruby-debuginfo-3.0.7-166.el9_7.s390x.rpm SHA-256: 5d1782fbed49bed1f0707902e992a3c2608b338a59b4ce0faa3a55631d1a80f0 ruby-debugsource-3.0.7-166.el9_7.s390x.rpm SHA-256: 16fa8554815cbe4deb4aa1ac85c2cf92f55d43ce6b300ca1ce690cd7d26eea7e ruby-default-gems-3.0.7-166.el9_7.noarch.rpm SHA-256: 0572f593d8335d19af1ab8f63195e48014961cdbbe263b22895ccf24e55a2713 ruby-devel-3.0.7-166.el9_7.s390x.rpm SHA-256: fab823f4244e079882c3283c80fa7f8464f7d8f5c0f98495006f209ed36a445d ruby-libs-3.0.7-166.el9_7.s390x.rpm SHA-256: ee21230958816a12f6dab547be7c0dd683c11db149d7882040ad05678744dac1 ruby-libs-debuginfo-3.0.7-166.el9_7.s390x.rpm SHA-256: 74bb6688b3054eb334a0aab9bb6bfbb2dc1e258a131e12f05d70e071f1806efc rubygem-bigdecimal-3.0.0-166.el9_7.s390x.rpm SHA-256: 4644a7e40fc2e19f8e5f3ffd518eeaca837edbae6783aa8381cc88f4e8af5a25 rubygem-bigdecimal-debuginfo-3.0.0-166.el9_7.s390x.rpm SHA-256: e22ea9e42171623a4a2a8303fcb0c6fab2544c416ca4c25c6edac86973f4b7bd rubygem-bundler-2.2.33-166.el9_7.noarch.rpm SHA-256: e4604bf03e73d3373a0556282106f8581a0a2487dc45fd4e2496df35480b8ec5 rubygem-io-console-0.5.7-166.el9_7.s390x.rpm SHA-256: 34e9c4b413f1543f216ae3589fbded7647f78ff86b5008333359e2b7cee23abc rubygem-io-console-debuginfo-0.5.7-166.el9_7.s390x.rpm SHA-256: dab0ae628196d071673dd5cb379bacd94173319e929f9e3c6a5326dc0d55cd65 rubygem-irb-1.3.5-166.el9_7.noarch.rpm SHA-256: 001dd0b8f993258bc0f493b84be809a1cf6b921c285f7f03bc8e5877442edaa1 rubygem-json-2.5.1-166.el9_7.s390x.rpm SHA-256: fec9e8603f30dcdd2aa2c78200c74df36b7bd0ce5debc969b815b5e5e1915f4c rubygem-json-debuginfo-2.5.1-166.el9_7.s390x.rpm SHA-256: 5ee9fc37a4ea99c70fc141a34a7840717a043aaed14b497c9d8b97efddd14da4 rubygem-minitest-5.14.2-166.el9_7.noarch.rpm SHA-256: c19fc5492004a55c43f4705f695b9dc91bd10530313b845dae7a36fd0f94a0d3 rubygem-power_assert-1.2.1-166.el9_7.noarch.rpm SHA-256: 0fb985f0321c0139fc6cdf77e5d65d48c417266c3d83d025dd6d14805a13476a rubygem-psych-3.3.2-166.el9_7.s390x.rpm SHA-256: bf575ea99d021f25e767605814723305811860370cd5de4bea55fbd31db6ec36 rubygem-psych-debuginfo-3.3.2-166.el9_7.s390x.rpm SHA-256: 2fbed088d07bba2dfc7b09662baf6199fb787892ff008dc3b8e4b4998146097c rubygem-rake-13.0.3-166.el9_7.noarch.rpm SHA-256: 91863c84f30574ca4123c6bd8b970bdf2f910f5cf445c91f56e2c1edbbe6a04b rubygem-rbs-1.4.0-166.el9_7.noarch.rpm SHA-256: f65051cf03cd98e3cfd0ee8769ff0bc96b4326d7c9579f36edce0adae2ee6798 rubygem-rdoc-6.3.4.1-166.el9_7.noarch.rpm SHA-256: 642491826226835ddb8da9930bcc369d28cd0dd8ed119ef974e3c37437dac14e rubygem-rexml-3.2.5-166.el9_7.noarch.rpm SHA-256: a2b77354956a78a143c56e4e995c5be4632bbabb410a64c4aea6785cfcde75fe rubygem-rss-0.2.9-166.el9_7.noarch.rpm SHA-256: 8885e67bde718f37b61b1517e80253b403e07eb6daab19fa72f57f2f7a243a20 rubygem-test-unit-3.3.7-166.el9_7.noarch.rpm SHA-256: 717cdc41f738d319335b49d6d96aee3cc963bb2c71c49b30c40c4e2504c25d5b rubygem-typeprof-0.15.2-166.el9_7.noarch.rpm SHA-256: 9a4717223c71db3cc7111174b86c188862556bc1fee67d33b2faf944b896164c rubygems-3.2.33-166.el9_7.noarch.rpm SHA-256: 42ff4b2d0c5283abd2c86d8691bdbb68370b81e6cc30bc50747ceb3bb8cd1ecf rubygem