CVE-2026-34060 | Shopify ruby-lsp up to 0.26.8 vscode/settings.json code injection (GHSA-c4r5-fxqw-vh93)

A vulnerability was found in Shopify ruby-lsp up to 0.26.8. It has been classified as critical. This issue affects some unknown processing of the file vscode/settings.json. Performing a manipulation results in code injection.

This vulnerability was named CVE-2026-34060. The attack needs to be approached locally. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More