CVE-2026-46727
Published 2026-05-22
Priority: P3 · 49 · high
CVSS 3.1 base score: 8.1 (vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.48% (37.6th percentile)
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo(..., timeout:) or Socket.tcp(..., resolv_timeout:). Memory-corruption-based exploitation is theoretically possible. The attack could, for example, be carried out through a crafted authoritative DNS server or recursive resolver.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | >= 4.0.0 < 4.0.5 | 4.0.5 |
| ruby-lang | ruby | >= 4.0.0 < 4.0.5 | 4.0.5 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| cvelistv5 | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vendor_oracle | | 7.5 | HIGH | |
GHSA
GHSA-jfc8-2xw7-c79m (ghsa_unreviewed · 2026-05-26) · CVE-2026-46727 [HIGH] CWE-362
Description: identical to the CVE description above.
VulDB
Ruby up to 4.0.4 Authoritative ext/socket/raddrinfo.c rb_getaddrinfo race condition (vuldb · 2026-05-22) · CVE-2026-46727 [LOW]
A vulnerability was found in Ruby up to 4.0.4. It has been rated as problematic. This impacts the function rb_getaddrinfo of the file ext/socket/raddrinfo.c of the component Authoritative Handler. Performing a manipulation results in a race condition.
This vulnerability was named CVE-2026-46727. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
CVEList
CVE-2026-46727 (cvelistv5 · 2026-05-22 · CVSS 8.1) [HIGH] CWE-362
Description: identical to the CVE description above.
Oracle
Oracle Communications Risk Matrix: Core (Rack) — CVE-2025-46727 (vendor_oracle · 2026-01-15 · CVSS 7.5) [HIGH]
CVE: CVE-2025-46727
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2026 (JAN 2026)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.