CVE-2026-41493
yard: Possible arbitrary path traversal and file access via yard server
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42.
| CWE | CWE-22 |
| Vendor | lsegal |
| Product | yard |
| Published | May 8, 2026 |
| Last Updated | May 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for lsegal yard
Be the first to know when new unknown vulnerabilities affecting lsegal yard are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
lsegal / yard
< 0.9.42