
rack — Vulnerabilities & Security Advisories (35)

All 35 CVE vulnerabilities found in rack, with AI-generated Chinese analysis, references, and POCs.

Vendor: Rack

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-26962 | Rack: Header injection in multipart requests | CWE-93 | 4.8 | Medium | 2026-04-02
CVE-2026-34835 | Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass. | CWE-1286 | 4.8 | Medium | 2026-04-02
CVE-2026-34827 | Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser | CWE-407 | 7.5 | High | 2026-04-02
CVE-2026-32762 | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing | CWE-436 | 4.8 | Medium | 2026-04-02
CVE-2026-34830 | Rack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads through nginx | CWE-625 | 5.9 | Medium | 2026-04-02
CVE-2026-34829 | Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length | CWE-400 | 7.5 | High | 2026-04-02
CVE-2026-34826 | Rack: Unbounded Range Count in get_byte_ranges Enables DoS | CWE-400 | 5.3 | Medium | 2026-04-02
CVE-2026-34786 | Rack: Rack::Static header_rules bypass via URL-encoded paths | CWE-180 | 5.3 | Medium | 2026-04-02
CVE-2026-34785 | Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching | CWE-187 | 7.5 | High | 2026-04-02
CVE-2026-34763 | Rack: Rack::Directory info disclosure and DoS via unescaped regex interpolation | CWE-625 | 5.3 | Medium | 2026-04-02
CVE-2026-34831 | Rack: Content-Length mismatch in Rack::Files error responses | CWE-130 | 4.8 | Medium | 2026-04-02
CVE-2026-26961 | Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass | CWE-436 | 3.7 | Low | 2026-04-02
CVE-2026-34230 | Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header | CWE-400 | 5.3 | Medium | 2026-04-02
CVE-2026-25500 | Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href | CWE-79 | 5.4 | Medium | 2026-02-18
CVE-2026-22860 | Rack has a Directory Traversal via Rack:Directory | CWE-22 | 7.5 | High | 2026-02-18
CVE-2025-61919 | Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | CWE-400 | 7.5 | High | 2025-10-10
CVE-2025-61780 | Rack has Possible Information Disclosure Vulnerability | CWE-200 | 5.8 | Medium | 2025-10-10
CVE-2025-61772 | Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) | CWE-400 | 7.5 | High | 2025-10-07
CVE-2025-61771 | Rack's multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion) | CWE-400 | 7.5 | High | 2025-10-07
CVE-2025-61770 | Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) | CWE-400 | 7.5 | High | 2025-10-07
CVE-2025-59830 | Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters | CWE-400 | 7.5 | High | 2025-09-25
CVE-2025-49007 | ReDoS Vulnerability in Rack::Multipart handle_mime_head | CWE-770 | 7.5 (AI-estimated) | High (AI-estimated) | 2025-06-04
CVE-2025-46727 | Unbounded-Parameter DoS in Rack::QueryParser | CWE-400 | 7.5 | High | 2025-05-07
CVE-2025-32441 | Rack session gets restored after deletion | CWE-362 | 4.2 | Medium | 2025-05-07
CVE-2025-27610 | Local File Inclusion in Rack::Static | CWE-23 | 7.5 | High | 2025-03-10
CVE-2025-27111 | Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection | CWE-93 | 5.3 | - | 2025-03-04
CVE-2025-25184 | Possible Log Injection in Rack::CommonLogger | CWE-93 | 4.3 | - | 2025-02-12
CVE-2023-27539 | Rack security vulnerability | - | 7.5 | - | 2025-01-09
CVE-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | CWE-1333 | 6.5 | Medium | 2024-07-02
CVE-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | CWE-400 | 5.8 | Medium | 2024-02-28