Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Ruby on Rails Directory Traversal Vulnerability in Action Pack

Vulnerability

A directory traversal vulnerability exists in the implicit-render implementation of Action Pack, in the abstract controller base, in Ruby on Rails versions prior to 3.2.18, 4.0.x prior to 4.0.5, and 4.1.x prior to 4.1.1. Implicit render derives the template to render from the action name. When an application's routes capture the action name with a glob segment (an asterisk-prefixed segment such as *action), the name is taken verbatim from the request path and may contain path separators and ".." sequences, which affected versions did not reject before looking up the template. A remote attacker can therefore send a crafted request whose action name resolves to a file outside the view directory and have the server read arbitrary files that the application process can access. The flaw is only reachable through a route that globs the action segment; applications with no such route are not exploitable through it, but should still upgrade.
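The mechanism described above, as an added example written for this page and not code from Rails or from any advisory: a stand-alone model of how a globbed action segment reaches implicit render, of the template path that results, and of the two checks that stop it (rejecting action names containing a path separator before dispatch, and routing with a plain dynamic segment instead of a glob). The view root, the route shapes shown in comments and the request paths are constructed for the illustration; the helper names are assumptions.

```ruby
# Editor's example, not Rails code: models the implicit-render lookup for a
# route that globs the action name, and the checks that prevent traversal.

# Assumed application layout; a real app uses Rails.root/app/views.
VIEWS_ROOT = "/srv/app/app/views".freeze

# Rack percent-decodes the request path before routing, so an encoded
# "%2e%2e%2f" reaches the router as "../". Minimal decoder for the model.
def unescape_path(path)
  path.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Models a route that globs the action name, e.g.
#   get ':controller/*action'      # assumed route; *action may span segments
# Everything after the first segment becomes the action, separators included.
def route_with_globbed_action(request_path)
  controller, action = unescape_path(request_path).sub(%r{\A/}, "").split("/", 2)
  { controller: controller, action: action.to_s }
end

# Models a route with a plain dynamic segment, e.g.
#   get ':controller/:action'      # :action never matches "/"
# which only yields an action when the path has exactly two segments.
def route_with_plain_action(request_path)
  parts = unescape_path(request_path).sub(%r{\A/}, "").split("/")
  return nil unless parts.size == 2 && parts.none?(&:empty?)
  { controller: parts[0], action: parts[1] }
end

# Template implicit render would look for: the controller's view prefix plus
# the action name. expand_path collapses ".." the way the filesystem does when
# the resolver searches for the template, so the result can leave VIEWS_ROOT.
def implicit_template_path(controller, action, views_root = VIEWS_ROOT)
  File.expand_path(File.join(views_root, controller, action))
end

def escapes_views?(template_path, views_root = VIEWS_ROOT)
  !template_path.start_with?(views_root + File::SEPARATOR)
end

# Check of the kind the fixed releases make before dispatching an action:
# a name containing a path separator is treated as an unknown action.
def valid_action_name?(action)
  !action.to_s.include?(File::SEPARATOR)
end

# Run one request through the globbed route and report what happens.
def classify(request_path)
  params = route_with_globbed_action(request_path)
  template = implicit_template_path(params[:controller], params[:action])
  {
    action: params[:action],
    template: template,
    traversal: escapes_views?(template),
    rejected_by_fixed_dispatch: !valid_action_name?(params[:action]),
    matched_by_plain_route: !route_with_plain_action(request_path).nil?,
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed requests: a legitimate page, a raw traversal, an encoded one.
  [
    "/pages/about",
    "/pages/../../../../../etc/passwd",
    "/pages/%2e%2e%2f%2e%2e%2f%2e%2e%2fconfig%2fdatabase.yml",
  ].each { |req| p classify(req) }
end
```

The encoded request shows why a WAF rule that looks for a literal "../" in the URL is not a substitute for the fix: the decoding happens before the router sees the path, and the action name that reaches implicit render is the decoded one.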

Impact

Exploitation allows a remote attacker to read arbitrary files outside the view directory, for example configuration files holding database credentials or the application's secret token, resulting in disclosure of sensitive information. The scope is bounded by the filesystem permissions of the application process: any file it can read can be disclosed.

Remediation

Upgrade to Ruby on Rails 3.2.18, 4.0.5, or 4.1.1, or a later release on the corresponding branch. The fix is in Action Pack, so verify the actionpack gem version in the lockfile as well as the rails meta-gem. For Red Hat Subscription Asset Manager users, this update is available through the Red Hat Network. Where an immediate upgrade is not possible, audit config/routes.rb for routes that capture the action name with a glob segment and replace the glob with a plain :action segment, which cannot match a path separator.
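A lockfile check for the fixed releases named above, as an added example written for this page and not code from Rails, Red Hat or any advisory. It compares the pinned rails and actionpack versions against the fixed release of their branch; the Gemfile.lock excerpt is constructed and the helper names are assumptions.

```ruby
# Editor's example, not Rails code: audit a Gemfile.lock against the fixed
# releases for this vulnerability.
require "rubygems"

# Fixed release per affected branch, as listed in the remediation above.
FIXED_RELEASES = {
  "3.2" => Gem::Version.new("3.2.18"),
  "4.0" => Gem::Version.new("4.0.5"),
  "4.1" => Gem::Version.new("4.1.1"),
}.freeze

# True when the given Rails/Action Pack version predates the fix for its
# branch. Branches older than 3.2 received no fixed release and are reported
# as vulnerable; branches newer than 4.1 were released with the fix.
def vulnerable_rails_version?(version_string)
  version = Gem::Version.new(version_string)
  branch = version.segments.first(2).join(".")
  fixed = FIXED_RELEASES[branch]
  return version < fixed if fixed
  version < FIXED_RELEASES["3.2"]
end

# Version pinned for a gem in the specs section of a Gemfile.lock (four-space
# indent, "name (x.y.z)"); nil when the gem is not locked. Dependency lines
# are indented six spaces and use "(= x.y.z)", so they do not match.
def locked_version(lockfile_text, gem_name)
  match = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  match && match[1]
end

# Audit both the rails meta-gem and actionpack, where the flaw lives.
def audit_lockfile(lockfile_text)
  %w[rails actionpack].each_with_object({}) do |name, report|
    version = locked_version(lockfile_text, name)
    report[name] = version && { version: version, vulnerable: vulnerable_rails_version?(version) }
  end
end

# Constructed Gemfile.lock excerpt pinned to a vulnerable release.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.17)
        activemodel (= 3.2.17)
        rack (~> 1.4.5)
      rails (3.2.17)
        actionpack (= 3.2.17)
        railties (= 3.2.17)
LOCK

if __FILE__ == $PROGRAM_NAME
  p audit_lockfile(SAMPLE_LOCK)
end
```

Run it against the real Gemfile.lock with File.read; a report entry of nil means the gem is not locked at all, which for actionpack usually means Rails is vendored or loaded outside Bundler and needs a manual check.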

Added: May 15, 2026, 8:57 AM
Updated: May 15, 2026, 8:57 AM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 2.5
exploitability: 10.0
remediation: 0.0
relevance: 0.0
threat: 9.1
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.