CVE-2026-44837
MEDIUMview_component: System Test Entry Point Path Check Allows Sibling Directory Escape
Title source: cnaDescription
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. This vulnerability is fixed in 4.9.0.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/ViewComponent/view_component/security/advisories/GHSA-hg3h-g7xc-f7vp
Scores
CVSS v3
5.9
EPSS
0.0041
EPSS Percentile
33.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-187
Status
published
Products (3)
rubygems/view_component
3.0.0 - 4.9.0RubyGems
viewcomponent/view_component
3.0.0 - 4.9.0
ViewComponent/view_component
>= 3.0.0, < 4.9.0
Published
May 26, 2026
Tracked Since
May 27, 2026