CVE-2026-49342
MEDIUMYARD static cache reads raw traversal paths before router sanitization
Title source: cnaDescription
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache-secret.html` is joined against that root and can return a readable sibling `.html` file outside the intended static tree. Version 0.9.44 patches the issue.
References (2)
Core 2
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/lsegal/yard/security/advisories/GHSA-pxcc-8665-phx8
X_Refsource_Misc x_refsource_misc
https://github.com/lsegal/yard/commit/f78c19f0dd33a407085b4ed181bb60c0aa0078b4
Scores
CVSS v3
5.3
EPSS
0.0027
EPSS Percentile
19.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
lsegal/yard
< 0.9.44
rubygems/yard
0 - 0.9.44RubyGems
Published
Jun 19, 2026
Tracked Since
Jun 20, 2026