Red Hat Product Errata
RHSA-2026:20606 - Security Advisory

Issued: 2026-05-26
Updated: 2026-05-26

Synopsis
Important: ruby4.0 security update

Type/Severity
Security Advisory: Important

Topic
An update for ruby4.0 is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

Security Fix(es):
ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection (CVE-2026-33210)
erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat CodeReady Linux Builder for x86_64 10 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
BZ - 2449871 - CVE-2026-33210 ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection
BZ - 2461369 - CVE-2026-41316 erb: ERB: Arbitrary code execution via deserialization bypass

CVEs
CVE-2026-33210
CVE-2026-41316

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
SRPM: ruby4.0-4.0.3-34.el10_2.src.rpm

This update addresses two vulnerabilities in Ruby 4.0: CVE-2026-33210, a critical (CVSS 9.1) format string injection in the JSON gem leading to denial of service or information disclosure, and CVE-2026-41316, a high-severity (CVSS 8.1) arbitrary code execution flaw in ERB via deserialization bypass. The JSON vulnerability specifically affects ruby-lang/json gem versions 2.14.0 to 2.15.2.1, 2.16.0 to 2.17.1.2, and 2.18.0 to 2.19.2, with fixes provided in versions 2.15.2.1, 2.17.1.2, and 2.19.2 respectively. Red Hat has rated this update as Important for Red Hat Enterprise Linux 10 systems.