CVE-2026-34830: Ruby Unescaped Regex Interpolation Path Sub
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | Ruby | β
greprules fetch cve-2026-34830-ruby-unescaped-regex-interpolation-path-sub --engine opengrep
Description
Unescaped variables interpolated into regular expressions can alter match logic if they contain regex metacharacters. In path stripping contexts, this can fail to remove intended root prefixes, leading to absolute path disclosure. Always secure dynamic values using `Regexp.escape(...)` before interpolation.
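The failure described above, shown as an added example (not code from the affected project or from the rule itself): a root prefix interpolated raw is compared with the `Regexp.escape(...)` form over constructed paths. The helper names `strip_root_unescaped`, `strip_root_escaped` and `audit`, and all sample roots, are assumptions made for illustration.

```ruby
# Added example; paths and helper names are constructed for illustration.

# Vulnerable form: metacharacters in `root` are compiled as regex syntax.
def strip_root_unescaped(path, root)
  path.sub(/\A#{root}/, "")
end

# Hardened form: Regexp.escape makes every character of `root` literal.
def strip_root_escaped(path, root)
  path.sub(/\A#{Regexp.escape(root)}/, "")
end

# Constructed install roots; all but the first contain regex metacharacters.
SAMPLE_ROOTS = [
  "/srv/www/site",
  "/srv/www/site(v2)", # "(v2)" becomes a capture group, not literal parentheses
  "/srv/www/[prod]",   # "[prod]" becomes a one-character class
  "/srv/www/build(1",  # unbalanced "(" makes the pattern invalid
].freeze

# Returns, per root, what each form would display for a file under that root.
def audit(roots, relative = "/assets/app.js")
  roots.map do |root|
    full = root + relative
    unescaped =
      begin
        strip_root_unescaped(full, root)
      rescue RegexpError => e
        # The pattern failed to compile; nothing was stripped.
        "RegexpError: #{e.message}"
      end
    { root: root, unescaped: unescaped, escaped: strip_root_escaped(full, root) }
  end
end

audit(SAMPLE_ROOTS).each do |row|
  # A leak here means the displayed value still contains the absolute root.
  leaked = row[:unescaped].include?(row[:root])
  puts format("%-20s unescaped=%-34s escaped=%s leak=%s",
              row[:root], row[:unescaped], row[:escaped], leaked)
end
```

When the prefix is a fixed string, `String#delete_prefix` avoids building a regex from it at all.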