What is CVE-2026-46727?

CVE-2026-46727 is a high-severity vulnerability in Ruby-lang Ruby, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 8.1/10. Published 2026-05-22.

How severe is CVE-2026-46727?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Ruby-lang Ruby

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS responses n…

Vulnerability class: Race Condition

EPSS: 0.002 (36.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ruby-lang Ruby — versions 4.0.0

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

cve@mitre.org (Permissions Required)
cve@mitre.org (Vendor Advisory)

Frequently asked questions

What is CVE-2026-46727?: CVE-2026-46727 is a high-severity vulnerability in Ruby-lang Ruby, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 8.1/10. Published 2026-05-22.
How severe is CVE-2026-46727?: High severity. CVSS v3 base score is 8.1 out of 10.