| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-34230 |
high |
— |
8.0 |
2mo ago |
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header |
|
| CVE-2026-34785 |
high |
— |
8.0 |
2mo ago |
Rack::Static prefix matching can expose unintended files under the static root |
|
| CVE-2026-34827 |
high |
— |
8.0 |
2mo ago |
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters |
|
| CVE-2026-34829 |
high |
— |
8.0 |
2mo ago |
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads |
|