CVE-2026-46727
Possible ATT&CK Techniques 2AI
T1498.001 · Direct Network Flood T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46727
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo(..., timeout:) or Socket.tcp(..., resolv_timeout:). Memory-corruption-based exploitation is theoretically possible. The attack could, for example, be carried out through a crafted authoritative DNS server or recursive resolver.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-46727
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46727
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-46727 (1)
IV. Related Vulnerabilities
Same weakness: CWE-362
- CVE-2026-4635
Persistent notification timing attack causing server denial - CVE-2026-44059
Non-reentrant privilege toggle - CVE-2026-5947
SIG(0) validation during query flood may lead to undefined b - CVE-2026-42099
Race Condition in Sparx Pro Cloud Server - CVE-2026-8741
EMQX QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl rac
V. Comments for CVE-2026-46727
No comments yet