CVE-2026-22860

High CVSS: 7.5

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

Vendor

Rack

Product

Rack

CWE

CWE-22

Yayın Tarihi

2026-02-18 19:21:43

Güncelleme

2026-02-19 18:27:09

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Rack HIGH Rack 2026

Referanslar

https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7 https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh

Benzer Kayıtlar

Medium

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack…

Medium

CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an…

High

CVE-2025-61919

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the…

Medium

CVE-2025-61780

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclos…

High

CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser`…

High

CVE-2025-61772

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` c…