Tag
A critical HTML-safety bypass vulnerability, CVE-2026-54498, exists in ViewComponent versions prior to 4.12.0, allowing attackers to inject raw HTML via the `around_render` method, bypassing standard escaping and leading to Cross-Site Scripting (XSS) in affected Ruby on Rails applications.