CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Yardoc: >> Yard >> 0.9.36 Security Vulnerabilities

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42.

CVSS Score

6.9

EPSS Score

0.001

Published

2026-05-08

Page 1

Vulnerabilities

Vulnerable Software

Yardoc: >> Yard >> 0.9.36 Security Vulnerabilities

Products

Pricing

Contact Us