| CVE-2026-26961 |
medium |
— |
5.5 |
2mo ago |
Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. |
|
| CVE-2026-26962 |
medium |
— |
5.5 |
2mo ago |
Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values |
|
| CVE-2026-32762 |
medium |
— |
5.5 |
2mo ago |
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing |
|
| CVE-2026-34763 |
medium |
— |
5.5 |
2mo ago |
Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory |
|
| CVE-2026-34786 |
medium |
— |
5.5 |
2mo ago |
Rack:: Static header_rules bypass via URL-encoded paths |
|
| CVE-2026-34826 |
medium |
— |
5.5 |
2mo ago |
Rack's multipart byte range processing allows denial of service via excessive overlapping ranges |
|
| CVE-2026-34830 |
medium |
— |
5.5 |
2mo ago |
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect |
|
| CVE-2026-34831 |
medium |
— |
5.5 |
2mo ago |
Rack has Content-Length mismatch in Rack::Files error responses |
|
| CVE-2026-34835 |
medium |
— |
5.5 |
2mo ago |
Rack::Request accepts invalid Host characters, enabling host allowlist bypass |
|