Misc #22005
open
Missing information about CVE on cve.org
Description
CVE-2026-27820 was fixed and disclosed more than one month ago:
https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820/
However, there is still no public information on https://www.cve.org/CVERecord?id=CVE-2026-27820 . Could this be fixed please?
BTW, the same situation occurred with CVE-2025-61594, where the information was not there for months. This points to a gap in the security release process. Could the process be improved so the information is disclosed in a timely manner?
Updated by hsbt (Hiroshi SHIBATA) about 12 hours ago
We recently switched our CVE Numbering Authority from MITRE to GitHub, which may be causing this. Previously, MITRE would update cve.org records on their own after we published advisories on www.ruby-lang.org, but it seems GitHub may not do the same automatically.
We'll look into it, though I'm not yet sure we can fully resolve this on our end.