PT-2026-29813 · Rack+3
Haruki0409 · Published 2026-04-02 · Updated 2026-05-13 · CVE-2026-34786
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Rack versions prior to 2.2.23, 3.1.21, and 3.2.6
Description
Rack’s Rack::Static#applicable_rules method evaluates header rules against the raw URL-encoded PATH_INFO, while the file-serving path is decoded. This allows an attacker to bypass header rules by requesting an encoded form of a static path, potentially disabling security-relevant response headers. The issue arises from a canonicalization mismatch between the path used for header policy decisions and the path used for file serving. The impact depends on the configured rules and the types of files served.
Recommendations
Update to Rack version 2.2.23, 3.1.21, or 3.2.6 or later.
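As an added illustration (this is not Rack's own code and not the project's fix, which ships in the patched versions above), the following simplified Ruby model of a static-file header-rule table shows the mismatch described: `headers_weak` matches rules against the raw PATH_INFO while the file server uses the decoded path, and `headers_hardened` canonicalizes the path before rule evaluation so policy and file lookup agree. `dropped_headers` reports which configured headers a request would lose under the weak evaluation, which is useful when reviewing access logs from a deployment that ran an unpatched version. The rule table, header values and paths are constructed examples.

```ruby
# Simplified model of a Rack::Static-style header-rule table (constructed example,
# not Rack's own code). Each entry is [matcher, headers]; a matcher is :all,
# an Array of file extensions, or a Regexp on the path.
HEADER_RULES = [
  [:all,            { 'cache-control' => 'public, max-age=3600' }],
  [['html'],        { 'content-security-policy' => "default-src 'self'" }],
  [%r{\A/secure/},  { 'x-frame-options' => 'DENY' }]
].freeze

# Canonicalize PATH_INFO the way a file server must before touching the disk:
# percent-decode, then collapse empty, '.' and '..' segments.
def canonical_path(path_info)
  decoded = path_info.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
  segments = []
  decoded.split('/').each do |seg|
    next if seg.empty? || seg == '.'
    seg == '..' ? segments.pop : segments.push(seg)
  end
  '/' + segments.join('/')
end

# Collect the headers of every rule that matches the given path.
def matching_headers(rules, path)
  rules.each_with_object({}) do |(rule, headers), acc|
    matched = case rule
              when :all   then true
              when Array  then rule.include?(path.split('.').last)
              when Regexp then rule.match?(path)
              else false
              end
    acc.merge!(headers) if matched
  end
end

# Weak: rules see the raw, still-encoded PATH_INFO, but the file is served from
# the decoded path, so policy and file lookup can disagree on the same request.
def headers_weak(rules, raw_path_info)
  matching_headers(rules, raw_path_info)
end

# Hardened: evaluate rules on the same canonical path the file server uses.
def headers_hardened(rules, raw_path_info)
  matching_headers(rules, canonical_path(raw_path_info))
end

# Headers the hardened evaluation applies but the weak one would silently drop
# for this request; a non-empty result means the request hit the mismatch.
def dropped_headers(rules, raw_path_info)
  headers_hardened(rules, raw_path_info).keys - headers_weak(rules, raw_path_info).keys
end
```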
Affected Products
Linuxmint
Rack
Red Os
Ubuntu