Misc #22005: Missing information about CVE on cve.org

Added by vo.x (Vit Ondruch) about 18 hours ago. Updated about 8 hours ago.

Status: Open
Assignee: -
[ruby-core:125280]

Description

CVE-2026-27820 was fixed and disclosed more than one month ago:

https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820/

However, there is still no public information on https://www.cve.org/CVERecord?id=CVE-2026-27820 . Could this be fixed please?

BTW, the same situation occurred with CVE-2025-61594, where the information was not there for months. This points to a gap in the security release process. Could the process be improved so the information is disclosed in a timely manner?

Updated by hsbt (Hiroshi SHIBATA) about 8 hours ago #1 [ruby-core:125283]

We recently switched our CVE Numbering Authority from MITRE to GitHub, which may be causing this. Previously, MITRE would update cve.org records on their own after we published advisories on www.ruby-lang.org, but it seems GitHub may not do the same automatically.

We'll look into it, though I'm not yet sure we can fully resolve this on our end.
