CVE-2026-23885P2CRITICALCVSS 9.9fixed in 7.4.12·v>= 8.0.0.a, < 8.0.32026-01-19
CVE-2026-23885 [CRITICAL] CWE-95 CVE-2026-23885: Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versio
Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_proxy`. The vulnerability exists in `app/helpers/a
nvd