| CVE-2026-34829 |
high |
— |
8.0 |
2mo ago |
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads |
|
| CVE-2026-34230 |
high |
— |
8.0 |
2mo ago |
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header |
|
| CVE-2026-34785 |
high |
— |
8.0 |
2mo ago |
Rack::Static prefix matching can expose unintended files under the static root |
|
| CVE-2026-34827 |
high |
— |
8.0 |
2mo ago |
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters |
|
| CVE-2026-34786 |
medium |
— |
5.5 |
2mo ago |
Rack:: Static header_rules bypass via URL-encoded paths |
|
| CVE-2026-34826 |
medium |
— |
5.5 |
2mo ago |
Rack's multipart byte range processing allows denial of service via excessive overlapping ranges |
|
| CVE-2026-34830 |
medium |
— |
5.5 |
2mo ago |
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect |
|
| CVE-2026-34831 |
medium |
— |
5.5 |
2mo ago |
Rack has Content-Length mismatch in Rack::Files error responses |
|
| CVE-2026-26961 |
medium |
— |
5.5 |
2mo ago |
Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. |
|
| CVE-2026-34835 |
medium |
— |
5.5 |
2mo ago |
Rack::Request accepts invalid Host characters, enabling host allowlist bypass |
|
| CVE-2026-26962 |
medium |
— |
5.5 |
2mo ago |
Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values |
|
| CVE-2026-32762 |
medium |
— |
5.5 |
2mo ago |
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing |
|
| CVE-2026-34763 |
medium |
— |
5.5 |
2mo ago |
Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory |
|