ruby-rack vulnerabilities
USN-8182-1
Summary
Andrew Lacambra discovered that Rack did not properly parse certain regular
expressions. An attacker could possibly use this issue to bypass network
security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-26961)
William T. Nelson ...
What to do
- Update canonical ruby-rack to version 1.5.2-3+deb8u3ubuntu1~esm11.
- Update canonical ruby-rack to version 1.6.4-3ubuntu0.2+esm10.
- Update canonical ruby-rack to version 1.6.4-4ubuntu0.2+esm10.
- Update canonical ruby-rack to version 2.0.7-2ubuntu0.1+esm10.
- Update canonical ruby-rack to version 2.1.4-5ubuntu1.2+esm3.
- Update canonical ruby-rack to version 2.2.7-1ubuntu0.7.
- Update canonical ruby-rack to version 3.1.16-0.1ubuntu0.3.
Affected software
| Ecosystem | Vendor | Product | Affected versions | Fix |
|---|---|---|---|---|
| Ubuntu:Pro:14.04:LTS | canonical | ruby-rack | < 1.5.2-3+deb8u3ubuntu1~esm11 | upgrade to 1.5.2-3+deb8u3ubuntu1~esm11 |
| Ubuntu:Pro:16.04:LTS | canonical | ruby-rack | < 1.6.4-3ubuntu0.2+esm10 | upgrade to 1.6.4-3ubuntu0.2+esm10 |
| Ubuntu:Pro:18.04:LTS | canonical | ruby-rack | < 1.6.4-4ubuntu0.2+esm10 | upgrade to 1.6.4-4ubuntu0.2+esm10 |
| Ubuntu:Pro:20.04:LTS | canonical | ruby-rack | < 2.0.7-2ubuntu0.1+esm10 | upgrade to 2.0.7-2ubuntu0.1+esm10 |
| Ubuntu:Pro:22.04:LTS | canonical | ruby-rack | < 2.1.4-5ubuntu1.2+esm3 | upgrade to 2.1.4-5ubuntu1.2+esm3 |
| Ubuntu:24.04:LTS | canonical | ruby-rack | < 2.2.7-1ubuntu0.7 | upgrade to 2.2.7-1ubuntu0.7 |
| Ubuntu:25.10 | canonical | ruby-rack | < 3.1.16-0.1ubuntu0.3 | upgrade to 3.1.16-0.1ubuntu0.3 |
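Deciding whether a host is affected means comparing the installed ruby-rack package version with the fixed version for its Ubuntu release using Debian's version ordering, not plain string or numeric comparison (the `~` in `1~esm11` sorts before everything, and `+esm3` sorts after the bare revision). The following script is an added example, not code from Ubuntu or the advisory: it ports dpkg's version-ordering rules to Python, carries the fixed versions from the table above in `FIXED_VERSIONS`, and, when run on an Ubuntu host, reads the release from `/etc/os-release` and the installed version from `dpkg-query`. The release keys and the function names are this example's own choices.

```python
import subprocess

# Release -> first fixed version, copied from the advisory's "Affected software" table.
FIXED_VERSIONS = {
    "14.04": "1.5.2-3+deb8u3ubuntu1~esm11",
    "16.04": "1.6.4-3ubuntu0.2+esm10",
    "18.04": "1.6.4-4ubuntu0.2+esm10",
    "20.04": "2.0.7-2ubuntu0.1+esm10",
    "22.04": "2.1.4-5ubuntu1.2+esm3",
    "24.04": "2.2.7-1ubuntu0.7",
    "25.10": "3.1.16-0.1ubuntu0.3",
}


def _isdigit(c):
    return c in "0123456789"


def _order(c):
    """Sort weight of one character in a non-digit run, as in dpkg's order():
    '~' sorts before everything (even end of string), letters before other
    symbols. Digits and end of string both weigh 0."""
    if c == "" or _isdigit(c):
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare two version fragments (upstream part or Debian revision) with
    dpkg's alternating non-digit/digit algorithm. Returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character weights position by position.
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return -1 if ac < bc else 1
            i += 1
            j += 1
        # Digit run: drop leading zeros, compare digit by digit, longer run wins.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _isdigit(a[i]) and j < len(b) and _isdigit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _isdigit(a[i]):
            return 1
        if j < len(b) and _isdigit(b[j]):
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """dpkg-style comparison: -1 if a < b, 0 if equal, 1 if a > b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def is_vulnerable(release, installed_version):
    """True if the installed ruby-rack on this Ubuntu release predates the fix.
    Raises KeyError for a release the advisory does not list."""
    return compare_versions(installed_version, FIXED_VERSIONS[release]) < 0


def check_host():
    """On a live Ubuntu host: (release, installed version, vulnerable?), or
    None when ruby-rack is not installed."""
    release = None
    with open("/etc/os-release") as f:
        for line in f:
            if line.startswith("VERSION_ID="):
                release = line.split("=", 1)[1].strip().strip('"')
    res = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "ruby-rack"],
                         capture_output=True, text=True)
    if res.returncode != 0:
        return None
    installed = res.stdout.strip()
    return release, installed, is_vulnerable(release, installed)


if __name__ == "__main__":
    print(check_host())
```

On the host itself the same decision can be made with the native tool, `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' ruby-rack)" lt 2.2.7-1ubuntu0.7` (exit status 0 means the installed version is older); the Python port is useful when the check runs from an inventory system that only holds the version strings.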
Original title
ruby-rack vulnerabilities
Original description
Andrew Lacambra discovered that Rack did not properly parse certain regular
expressions. An attacker could possibly use this issue to bypass network
security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-26961)
William T. Nelson discovered that Rack did not handle multipart headers
correctly. An attacker could possibly use this issue to cause downstream
parsing issues or a denial of service. This issue only affected Ubuntu
25.10. (CVE-2026-26962)
It was discovered that Rack did not handle the Forwarded header correctly.
An attacker could possibly use this issue to manipulate header values. This
issue only affected Ubuntu 25.10. (CVE-2026-32762)
It was discovered that Rack could consume excessive CPU when handling
certain Accept-Encoding values. An attacker could possibly use this issue
to cause a denial of service. (CVE-2026-34230)
Haruki Oyama discovered that certain configurations of Rack could
erroneously fail to derive the displayed directory path, and expose the
full filesystem path. An attacker could possibly use this issue to disclose
deployment details such as layout and usernames. (CVE-2026-34763)
It was discovered that Rack did not properly handle static file paths. An
attacker could possibly use this issue to exfiltrate unintentionally served
data. (CVE-2026-34785)
Haruki Oyama discovered that Rack did not apply header rules to certain
requests for URL-encoded static paths. An attacker could possibly use this
issue to bypass security-relevant response headers. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS, and Ubuntu 25.10. (CVE-2026-34786)
It was discovered that Rack did not limit the number of ranges requested in
the Range header. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.10. (CVE-2026-34826)
It was discovered that Rack could consume excessive CPU when parsing
certain multipart parameters. An attacker could possibly use this to cause
a denial of service. This issue only affected Ubuntu 25.10.
(CVE-2026-34827)
It was discovered that Rack could consume unbounded disk space when
handling requests without a Content-Length header. An attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.10. (CVE-2026-34829)
Mehtab Zafar discovered that Rack directly interpreted the X-Accel-Mapping
header as a regular expression without escaping. An attacker could possibly
use this issue to exfiltrate arbitrary files from internal locations. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34830)
It was discovered that Rack did not properly handle messages with Unicode.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.10. (CVE-2026-34831)
It was discovered that Rack did not properly parse the Host header. An
attacker could possibly use this issue to bypass security filters or poison
generated links. This issue only affected Ubuntu 25.10. (CVE-2026-34835)
References
- https://ubuntu.com/security/notices/USN-8182-1 Vendor Advisory
- https://ubuntu.com/security/CVE-2026-26961 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-26962 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-32762 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34230 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34763 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34785 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34786 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34826 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34827 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34829 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34830 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34831 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-34835 Third Party Advisory
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026