rubysec · postmodern · Mar 30, 2026 · Mar 28, 2026
diff --git a/gems/loofah/GHSA-46fp-8f5p-pf2m.yml b/gems/loofah/GHSA-46fp-8f5p-pf2m.yml
@@ -48,4 +48,7 @@ patched_versions:
 related:
   url:
     - https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m
+    - https://github.com/flavorjones/loofah/releases/tag/v2.25.1
+    - https://github.com/flavorjones/loofah/commit/f4ebc9c5193dde759a57541062e490e86fc7c068
+    - https://github.com/advisories/GHSA-2j22-pr5w-6gq8
     - https://github.com/advisories/GHSA-46fp-8f5p-pf2m
diff --git a/gems/mcp/CVE-2026-33946.yml b/gems/mcp/CVE-2026-33946.yml
@@ -0,0 +1,53 @@
+---
+gem: mcp
+cve: 2026-33946
+ghsa: qvqr-5cv7-wh35
+url: https://github.com/modelcontextprotocol/ruby-sdk/security/advisories/GHSA-qvqr-5cv7-wh35
+title: MCP Ruby SDK - Insufficient Session Binding Allows SSE
+  Stream Hijacking via Session ID Replay
+date: 2026-03-27
+description: |
+  ### Summary
+
+  The Ruby SDK's [streamable_http_transport.rb](https://github.com/modelcontextprotocol/ruby-sdk/blob/main/lib/mcp/server/transports/streamable_http_transport.rb)
+  implementation contains a session hijacking vulnerability. An attacker
+  who obtains a valid session ID can completely hijack the victim's
+  Server-Sent Events (SSE) stream and intercept all real-time data.
+
+  ### Details
+
+  **Root Cause**
+
+  The StreamableHTTPTransport implementation stores only one SSE stream
+  object per session ID and lacks:
+
+  - Session-to-user identity binding
+  - Ownership validation when establishing SSE connections
+  - Protection against multiple simultaneous connections to the same session
+
+  ### Impact
+
+  While the absence of user binding may not pose immediate risks if
+  session IDs are not used to store sensitive data or state, the
+  fundamental purpose of session IDs is to maintain stateful connections.
+  If the SDK or its consumers utilize session IDs for sensitive operations
+  without proper user binding controls, this creates a potential security
+  vulnerability. For example: In the case of the Ruby SDK, the attacker
+  was able to hijack the stream and receive all the tool responses
+  belonging to the victim. The tool responses can be sensitive
+  confidential data.
+cvss_v3: 8.2
+patched_versions:
+  - ">= 0.9.2"
+related:
+  url:
+    - https://www.cve.org/CVERecord?id=CVE-2026-33946
+    - https://github.com/modelcontextprotocol/ruby-sdk/releases/tag/v0.9.2
+    - https://github.com/modelcontextprotocol/ruby-sdk/security/advisories/GHSA-qvqr-5cv7-wh35
+    - https://github.com/modelcontextprotocol/ruby-sdk/blob/main/examples/streamable_http_server.rb
+    - https://github.com/modelcontextprotocol/ruby-sdk/commit/db40143402d65b4fb6923cec42d2d72cb89b3874
+    - https://hackerone.com/reports/3556146
+    - https://github.com/modelcontextprotocol/csharp-sdk/blob/main/src/ModelContextProtocol.AspNetCore/SseHandler.cs#L93-L97
+    - https://github.com/modelcontextprotocol/go-sdk/blob/main/mcp/streamable.go#L281C1-L288C2
+    - https://github.com/modelcontextprotocol/python-sdk/blob/main/src/mcp/server/streamable_http.py#L680-L685
+    - https://github.com/advisories/GHSA-qvqr-5cv7-wh35
diff --git a/gems/ruby-lsp/CVE-2026-34060.yml b/gems/ruby-lsp/CVE-2026-34060.yml
@@ -0,0 +1,58 @@
+---
+gem: ruby-lsp
+cve: 2026-34060
+ghsa: c4r5-fxqw-vh93
+url: https://github.com/Shopify/ruby-lsp/security/advisories/GHSA-c4r5-fxqw-vh93
+title: Ruby LSP has arbitrary code execution through branch setting
+date: 2026-03-27
+description: |
+
+  ## Summary
+
+  The `rubyLsp.branch` VS Code workspace setting was interpolated without
+  sanitization into a generated Gemfile, allowing arbitrary Ruby code
+  execution when a user opens a project containing a malicious
+  `.vscode/settings.json`.
+
+  Other editors that support workspace setting that get automatically
+  applied upon opening the editor and trusting the workspace are also
+  impacted since the server is the component that performs the interpolation.
+
+  ## Details
+
+  The `branch` CLI argument passed to the `ruby-lsp` server was
+  interpolated in the generated `.ruby-lsp/Gemfile` without sanitization.
+   Editors that allow defining settings saved at the workspace level
+  (e.g.: `.vscode/settings.json`) that gets automatically applied open
+  the possibility to craft a malicious repository that once opened and
+  trusted in the editor would run arbitrary code.
+
+  ## Impact
+
+  Code execution with the privileges of the user who opens the malicious
+  project. Ruby LSP assumes workspace code is trusted and so opening
+  the editor on an untrusted workspace can lead to executing potentially
+  dangerous code.
+
+  ## Remediation
+
+  The `rubyLsp.branch` setting has been removed entirely. VS Code extensions
+  auto-update by default, so most users will receive the fix without
+  action. Users who have disabled auto-updates should update to extension
+  version >= 0.10.2.
+
+  The `branch` CLI flag was also entirely removed from the `ruby-lsp`
+  gem. For users that don't add `ruby-lsp` to their Gemfiles, the
+  server should auto-update. Users with the `ruby-lsp` in the Gemfile
+  and locked to a specific version should update to >= 0.26.9.
+cvss_v2: 7.5
+cvss_v3: 9.8
+cvss_v4: 7.1
+patched_versions:
+  - ">= 0.26.9"
+related:
+  url:
+    - https://www.tenable.com/cve/CVE-2026-34060
+    - https://github.com/Shopify/ruby-lsp/security/advisories/GHSA-c4r5-fxqw-vh93
+    - https://github.com/Shopify/ruby-lsp/releases/tag/v0.26.9
+    - https://github.com/advisories/GHSA-c4r5-fxqw-vh93