PT-2026-37120 · Yard+2
Segal · Published 2026-04-17 · Updated 2026-06-05 · CVE-2026-41493
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
YARD versions prior to 0.9.42
Description
A path traversal issue exists when using yard server to serve documentation. This flaw allows unsanitized HTTP requests to access arbitrary files on the host machine under certain conditions. Path traversal is a security gap where an attacker can access files and directories stored outside the intended folder by manipulating file paths.
Recommendations
Upgrade to version 0.9.42.
Perform path sanitization of HTTP requests at the webserver level.
Use WEBrick via `yard server -s webrick` to perform default sanitization.
Exploit
Fix
Path traversal
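As an added example (not YARD's own code), one way to implement the webserver-level path sanitization recommended above, in Ruby: the request path is percent-decoded, resolved lexically against the documentation root, and rejected unless it stays inside that root. The document root, function name and sample paths are assumptions.

```ruby
# Added defensive example: contain every requested documentation path inside
# the doc root so "../" and "%2e%2e/" requests cannot reach other host files.
require "uri"
require "pathname"

DOC_ROOT = "/srv/docs" # hypothetical documentation directory

# Returns the resolved absolute path when it lies under doc_root, else nil.
def safe_doc_path(request_path, doc_root = DOC_ROOT)
  # Drop any query string, then decode percent-encoding once so that
  # encoded dot segments ("%2e%2e") are inspected in their decoded form.
  raw = request_path.to_s.split("?", 2).first.to_s
  decoded = URI.decode_www_form_component(raw)

  # NUL bytes and backslashes are never valid here; some resolvers treat
  # them as terminators or separators, so reject rather than normalise.
  return nil if decoded.include?("\0") || decoded.include?("\\")

  root = Pathname.new(doc_root).cleanpath
  rel = decoded.sub(%r{\A/+}, "")          # request paths are root-relative

  # Join and normalise lexically; ".." segments are collapsed by cleanpath.
  # (Deployments with symlinks under the doc root should also compare
  # realpath results; this check is purely lexical.)
  candidate = rel.empty? ? root : (root + rel).cleanpath

  # Containment check: the root itself or a path strictly beneath it.
  inside = candidate == root || candidate.to_s.start_with?(root.to_s + "/")
  inside ? candidate.to_s : nil
end
```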
Affected Products
Linuxmint
Ubuntu
Yard