High8.1Red Hat & Ubuntu Linux
Arbitrary code execution via deserialization bypass
CVE-2026-41316 Published Apr 24, 2026
CVE-2026-41316
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Arbitrary code execution via deserialization bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. Affected package(s): ruby, ruby4.0, ruby:3.3, ruby:4.0. Resolved in Red Hat advisory RHSA-2026:20614 — update the affected packages (`sudo dnf update`).
Affected versions
- ruby-0:3.0.4-160.2.el9_0
- ruby-0:3.0.7-162.el9_4.2
- ruby4.0-0:4.0.3-34.el10_2
- ruby:3.3-9040020260520083544.9
- ruby-0:3.3.10-12.el10_1
- ruby:4.0-9080020260513131334.9
- ruby-0:3.0.4-161.el9_2.3
- ruby-0:3.3.10-11.el10_0.1
- ruby:3.3-8100020260428163940.489197e6
- ruby-0:3.0.7-165.el9_6.1
- ruby:3.3-9070020260428163621.9
- ruby-0:3.0.7-166.el9_7
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Fixed versions
- RHSA-2026:20614
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Update the affected package(s) to the fixed version shipped in RHSA-2026:20614 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.