diff --git a/gems/erb/CVE-2026-41316.yml b/gems/erb/CVE-2026-41316.yml
new file mode 100644
index 0000000000..c981237373
--- /dev/null
+++ b/gems/erb/CVE-2026-41316.yml
@@ -0,0 +1,19 @@
+---
+gem: erb
+cve: 2026-41316
+url: https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac
+title: espeak-ruby Gem for Ruby Arbitrary Command Execution
+date: 2016-04-13
+description: |
+ ERB implements an @_init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted
+ data. However, ERB#def_method, ERB#def_module, and ERB#def_class evaluate the template source without checking this guard,
+ allowing an attacker who controls the data passed to Marshal.load to bypass the protection and execute arbitrary code. In
+ particular, def_module takes no arguments, making it straightforward to invoke as part of a deserialization gadget chain.
+
+ Please update the erb gem to version 4.0.3.1, 4.0.4.1, 6.0.1.1, 6.0.4 or later.
+cvss_v3: 9.8
+patched_versions:
+ - ">= 4.0.3.1"
+ - ">= 4.0.4.1"
+ - ">= 6.0.1.1"
+ - ">= 6.0.4"
diff --git a/rubies/ruby/CVE-2026-41316.yml b/rubies/ruby/CVE-2026-41316.yml
new file mode 100644
index 0000000000..57e3cc2c69
--- /dev/null
+++ b/rubies/ruby/CVE-2026-41316.yml
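Review bot: `patched_versions` opens with `>= 4.0.3.1`, which is satisfied by every later version and therefore marks 4.0.4, 6.0.1, 6.0.2 and 6.0.3 as patched even though the advisory's own fix list (4.0.4.1, 6.0.1.1, 6.0.4) implies those releases are vulnerable; bundler-audit treats a match against any listed requirement as "not affected", so the redundant later entries never get a chance to narrow it. Per-branch pessimistic ranges avoid that: `- "~> 4.0.3.1"`, `- "~> 4.0.4.1"`, `- "~> 6.0.1.1"` with `- ">= 6.0.4"` as the open-ended entry (exact upper bounds depend on which release lines are still maintained). Separately, `title` and `date` do not belong to this advisory: the title names espeak-ruby and the date 2016-04-13 predates a 2026 CVE by a decade, apparently carried over from another file; the companion rubies entry in the same commit uses `title: ERB @_init deserialization guard bypass via def_module / def_method / def_class` and `date: 2026-04-21`, and this file should match.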
@@ -0,0 +1,22 @@
+---
+engine: ruby
+cve: 2026-41316
+url: https://www.ruby-lang.org/en/news/2026/04/21/erb-cve-2026-41316/
+title: ERB @_init deserialization guard bypass via def_module / def_method / def_class
+date: 2026-04-21
+description: |
+ ERB implements an @_init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted
+ data. However, ERB#def_method, ERB#def_module, and ERB#def_class evaluate the template source without checking this guard,
+ allowing an attacker who controls the data passed to Marshal.load to bypass the protection and execute arbitrary code. In
+ particular, def_module takes no arguments, making it straightforward to invoke as part of a deserialization gadget chain.
+
+ Please update the erb gem to version 4.0.3.1, 4.0.4.1, 6.0.1.1, 6.0.4 or later.
+
+patched_versions:
+ - "~> 4.0.3"
+related:
+ url:
+ - https://github.com/rubysec/ruby-advisory-db/blob/master/gems/erb/CVE-2026-41316.yml
+ - https://www.cve.org/CVERecord?id=CVE-2026-41316
+ - https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
+ - https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac
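Review bot: `patched_versions` lists only `~> 4.0.3`, so any other Ruby release line that shipped the fixed erb is reported as vulnerable by bundler-audit, and so is Ruby 4.1+ once it exists, because `~>` caps the match below 4.1; I cannot tell from the hunk whether other branches were patched, but each one that was needs its own `~>` entry, and the newest line is normally given as an open `>=`. The remediation sentence in `description` is copied verbatim from the gem advisory and tells the reader to update the erb gem; for an `engine: ruby` entry a sentence such as `Please update Ruby to 4.0.3 or later, or update the bundled erb gem to a fixed version.` states the fix at the right scope. The extra blank line between the block scalar and `patched_versions` is harmless but differs from the gem entry's layout.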