PT-2026-29810 · Rack+3
Haruki0409 · Published 2026-04-02 · Updated 2026-05-13
CVE-2026-34763
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Rack versions prior to 2.2.23, 3.1.21, and 3.2.6
Description
Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root path contains regex metacharacters such as +, *, or ., the prefix stripping can fail, and the generated directory listing may expose the full filesystem path in the HTML output. This can expose internal deployment details such as directory layout, usernames, mount points, or naming conventions. The issue occurs because the configured path is inserted directly into a regular expression without escaping.
Recommendations
Update to Rack version 2.2.23 or later.
Update to Rack version 3.1.21 or later.
Update to Rack version 3.2.6 or later.
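The prefix-stripping failure from the description, shown as an added example (a simplified model, not Rack's source code and not part of the original advisory). The method names and all paths are hypothetical, constructed values; the last helper can be used to check whether a configured root is affected by this pattern.

```ruby
# Simplified model of "strip the root prefix before display".
# Not Rack's source; all names and paths here are constructed for illustration.

# Unescaped form: root is interpolated into the pattern as-is, so characters
# like + or * act as regex operators instead of literal path characters.
def display_path_unescaped(root, full_path)
  full_path.sub(/\A#{root}/, '')
end

# Escaped form: Regexp.escape makes every character of root literal.
def display_path_escaped(root, full_path)
  full_path.sub(/\A#{Regexp.escape(root)}/, '')
end

# Regex-free alternative (Ruby >= 2.5): plain string prefix removal.
def display_path_literal(root, full_path)
  full_path.delete_prefix(root)
end

# Audit helper: true when the unescaped pattern cannot strip the root from
# itself, or when the root is not even a valid pattern (e.g. unbalanced paren).
def root_breaks_stripping?(root)
  !root.sub(/\A#{root}/, '').empty?
rescue RegexpError
  true
end

# Constructed sample values.
SAMPLE_ROOT = '/srv/app+data/public'
SAMPLE_FULL = '/srv/app+data/public/docs/'

if __FILE__ == $PROGRAM_NAME
  puts "unescaped: #{display_path_unescaped(SAMPLE_ROOT, SAMPLE_FULL)}"
  puts "escaped:   #{display_path_escaped(SAMPLE_ROOT, SAMPLE_FULL)}"
  puts "literal:   #{display_path_literal(SAMPLE_ROOT, SAMPLE_FULL)}"
  ['/srv/www/public', SAMPLE_ROOT, '/srv/app(1/public'].each do |r|
    puts "#{r}: affected=#{root_breaks_stripping?(r)}"
  end
end
```

In the unescaped form, `p+` is read as "one or more p", so the pattern no longer matches the literal `+` in the path and the full filesystem path is returned unchanged.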
Affected Products
Linuxmint
Rack
Red Os
Ubuntu