Vulnerability in Viewcomponent View_component
CVE-2026-44836
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not…
EPSS: 0.000 (2.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Viewcomponent View_component — versions >= 3.0.0, < 4.9.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-44836?
- CVE-2026-44836 is a medium-severity vulnerability in Viewcomponent View_component, classified under CWE-749. CVSS score: 6.5/10. Published 2026-05-26.
- How severe is CVE-2026-44836?
- Medium severity. CVSS v3 base score is 6.5 out of 10.