CVE-2026-34060P2CRITICALCVSS 9.8fixed in 0.26.92026-03-31
CVE-2026-34060 [CRITICAL] CWE-94 CVE-2026-34060: Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp ve
Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/s
ghsanvdosv