NVD HIGH: CVE-2026-41493 — YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vul...

Friday, May 8, 2026 at 02:16 PM UTC·Source: NIST NVD

Updated: Thursday, May 14, 2026 at 05:00 AM UTC

Executive Summary

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-41493

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 8, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel

Bulletin ID: 2026-029-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 18:45 PM PDT This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information. Description: Amazon is aware of CVE-20

CVE-2026-46300CVE-2026-43284

3h agoAWS Security Bulletins

LOWVulnerability

Ongoing updates on Copy.fail and variants

Bulletin ID: 2026-030-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 10:00 PM PDT This is an ongoing issue. This bulletin will be updated as more information becomes available. Description: AWS is aware of the copy.fail or DirtyFrag class of issues - a set of privilege escalation

3h agoAWS Security Bulletins

MEDIUMVulnerability

Bunq applies for Mexican banking license

Bunq, the European neobank for "global citizens", has applied for a Mexican banking license.

5h agoFinextra