Packages
- ruby-rack - modular Ruby webserver interface
Details
Andrew Lacambra discovered that Rack did not properly parse certain regular
expressions. An attacker could possibly use this issue to bypass network
security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-26961)
William T. Nelson discovered that Rack did not handle multipart headers
correctly. An attacker could possibly use this issue to cause downstream
parsing issues or a denial of service. This issue only affected Ubuntu
25.10. (CVE-2026-26962)
It was discovered that Rack did not handle the Forwarded header correctly.
An attacker could possibly use this issue to manipulate header values. This
issue only affected Ubuntu 25.10. (CVE-2026-32762)
It was discovered that Rack could consume excessive CPU when handling
certain Accept-Encoding values. An attacker could possibly use this issue
to cause a denial of service. (CVE-2026-34230)
Haruki Oyama discovered that certain configurations of Rack could
erroneously fail to derive the displayed directory path, and expose the
full filesystem path. An attacker could possibly use this issue to disclose
deployment details such as layout and usernames. (CVE-2026-34763)
It was discovered that Rack did not properly handle static file paths. An
attacker could possibly use this issue to exfiltrate unintentionally served
data. (CVE-2026-34785)
Haruki Oyama discovered that Rack did not apply header rules to certain
requests for URL-encoded static paths. An attacker could possibly use this
issue to bypass security-relevant response headers. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS, and Ubuntu 25.10. (CVE-2026-34786)
It was discovered that Rack did not limit the number of ranges requested in
the Range header. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.10. (CVE-2026-34826)
It was discovered that Rack could consume excessive CPU when parsing
certain multipart parameters. An attacker could possibly use this to cause
a denial of service. This issue only affected Ubuntu 25.10.
(CVE-2026-34827)
It was discovered that Rack could consume unbounded disk space when
handling requests without a Content-Length header. An attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.10. (CVE-2026-34829)
Mehtab Zafar discovered that Rack directly interpreted the X-Accel-Mapping
header as a regular expression without escaping. An attacker could possibly
use this issue to exfiltrate arbitrary files from internal locations. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34830)
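The failure class behind the X-Accel-Mapping issue (a header value interpolated into a regular expression without escaping) is easiest to see next to its fix. The Ruby below is an added illustration written for this page, not Rack's code: it assumes a mapping header laid out as `<filesystem prefix>=<URL prefix>` (the shape used with nginx X-Accel-Redirect), and the function names, the `MAPPING` constant and the sample paths are constructed for the example.

```ruby
# Added illustration, not Rack's code. Assumes a mapping header of the form
# "<filesystem prefix>=<URL prefix>"; names and sample paths are constructed.

# Interpolates the header straight into the pattern, so any regex
# metacharacter in it ("." in MAPPING below) widens what the prefix matches.
def map_path_unescaped(mapping, path)
  internal, external = mapping.split("=", 2)
  path.sub(/\A#{internal}/i, external)
end

# Regexp.escape makes the prefix literal. Returns nil when the path is not
# under the mapped prefix so the caller can refuse to serve it, and uses the
# block form of sub so backslash sequences in the header are not interpreted
# as back-references.
def map_path_escaped(mapping, path)
  internal, external = mapping.split("=", 2)
  if internal.nil? || internal.empty? || external.nil?
    raise ArgumentError, "malformed mapping header"
  end
  prefix = /\A#{Regexp.escape(internal)}/i
  return nil unless path.match?(prefix)
  path.sub(prefix) { external }
end

MAPPING = "/srv/app.data/=/protected/" # constructed example header

if __FILE__ == $PROGRAM_NAME
  # "." in the unescaped prefix matches the "X", so a path outside
  # /srv/app.data/ is rewritten as if it were inside it.
  p map_path_unescaped(MAPPING, "/srv/appXdata/secret.txt")
  p map_path_escaped(MAPPING, "/srv/appXdata/secret.txt")
  p map_path_escaped(MAPPING, "/srv/app.data/report.pdf")
end
```

The escaped version still trusts the header's contents as a literal prefix; in a real deployment the mapping should come from server configuration, not from a request header that a client can influence.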
It was discovered that Rack did not properly handle messages with Unicode.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.10. (CVE-2026-34831)
It was discovered that Rack did not properly parse the Host header. An
attacker could possibly use this issue to bypass security filters or poison
generated links. This issue only affected Ubuntu 25.10. (CVE-2026-34835)
Update instructions
After a standard system update you need to restart any applications using Rack to make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package | Fixed Version |
|---|---|---|
| 25.10 questing | ruby-rack | 3.1.16-0.1ubuntu0.3 |
| 24.04 LTS noble | ruby-rack | 2.2.7-1ubuntu0.7 |
| 22.04 LTS jammy | ruby-rack | 2.1.4-5ubuntu1.2+esm3 |
| 20.04 LTS focal | ruby-rack | 2.0.7-2ubuntu0.1+esm10 |
| 18.04 LTS bionic | ruby-rack | 1.6.4-4ubuntu0.2+esm10 |
| 16.04 LTS xenial | ruby-rack | 1.6.4-3ubuntu0.2+esm10 |
| 14.04 LTS trusty | librack-ruby | 1.5.2-3+deb8u3ubuntu1~esm11 |
| 14.04 LTS trusty | librack-ruby1.8 | 1.5.2-3+deb8u3ubuntu1~esm11 |
| 14.04 LTS trusty | librack-ruby1.9.1 | 1.5.2-3+deb8u3ubuntu1~esm11 |
| 14.04 LTS trusty | ruby-rack | 1.5.2-3+deb8u3ubuntu1~esm11 |
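As an added check that is not part of the notice: the Ruby below compares the fixed versions listed above against the output of `dpkg-query -W -f='${Package} ${Version}\n'` using dpkg's own version ordering (epoch, upstream, Debian revision, with `~` sorting below everything including the end of the string), so it also runs on a machine without dpkg, for example over output pasted from a server. It goes beyond the table by implementing the general comparison rule rather than only the versions listed. `FIXED_VERSIONS`, `DebVersion`, `assess` and the two sample outputs are constructed for this example.

```ruby
# Added example, not part of the Ubuntu notice. Versions come from the table
# above; the codename keys, helper names and sample output are constructed.
FIXED_VERSIONS = {
  "questing" => { "ruby-rack" => "3.1.16-0.1ubuntu0.3" },
  "noble"    => { "ruby-rack" => "2.2.7-1ubuntu0.7" },
  "jammy"    => { "ruby-rack" => "2.1.4-5ubuntu1.2+esm3" },
  "focal"    => { "ruby-rack" => "2.0.7-2ubuntu0.1+esm10" },
  "bionic"   => { "ruby-rack" => "1.6.4-4ubuntu0.2+esm10" },
  "xenial"   => { "ruby-rack" => "1.6.4-3ubuntu0.2+esm10" },
  "trusty"   => %w[librack-ruby librack-ruby1.8 librack-ruby1.9.1 ruby-rack]
                  .to_h { |p| [p, "1.5.2-3+deb8u3ubuntu1~esm11"] },
}.freeze

# Pure-Ruby reimplementation of dpkg's version ordering.
module DebVersion
  module_function

  def digit?(ch)
    !ch.nil? && ch.match?(/\A[0-9]\z/)
  end

  # dpkg character weight: end of string 0, "~" below that, letters by code
  # point, every other non-digit above all letters.
  def weight(ch)
    return 0 if ch.nil? || digit?(ch)
    return ch.ord if ch.match?(/\A[A-Za-z]\z/)
    return -1 if ch == "~"
    ch.ord + 256
  end

  # Compare one fragment (upstream or revision): alternate non-digit runs
  # (by weight) and numeric runs (by value, leading zeros ignored).
  def fragment_cmp(a, b)
    i = j = 0
    while i < a.size || j < b.size
      first_diff = 0
      while (i < a.size && !digit?(a[i])) || (j < b.size && !digit?(b[j]))
        wa, wb = weight(a[i]), weight(b[j])
        return wa <=> wb if wa != wb
        i += 1
        j += 1
      end
      i += 1 while i < a.size && a[i] == "0"
      j += 1 while j < b.size && b[j] == "0"
      while i < a.size && digit?(a[i]) && j < b.size && digit?(b[j])
        first_diff = a[i].ord <=> b[j].ord if first_diff.zero?
        i += 1
        j += 1
      end
      return 1 if i < a.size && digit?(a[i])   # a has more digits: larger
      return -1 if j < b.size && digit?(b[j])  # b has more digits: larger
      return first_diff unless first_diff.zero?
    end
    0
  end

  # Split "[epoch:]upstream[-revision]" (revision is after the last "-").
  def split(version)
    epoch = 0
    if version.include?(":")
      e, version = version.split(":", 2)
      epoch = e.to_i
    end
    cut = version.rindex("-")
    cut ? [epoch, version[0...cut], version[cut + 1..]] : [epoch, version, ""]
  end

  # Returns -1, 0 or 1 like <=>.
  def compare(a, b)
    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    return ea <=> eb if ea != eb
    c = fragment_cmp(ua, ub)
    c.zero? ? fragment_cmp(ra, rb) : c
  end
end

# Takes lines shaped like the output of
#   dpkg-query -W -f='${Package} ${Version}\n'
# and reports each installed package this notice covers for that release.
def assess(codename, dpkg_output)
  fixed = FIXED_VERSIONS.fetch(codename) { raise ArgumentError, "release not in this notice: #{codename}" }
  installed = dpkg_output.each_line.map(&:split).select { |f| f.size >= 2 }
                         .to_h { |pkg, ver| [pkg, ver] }
  fixed.each_with_object({}) do |(pkg, fixed_ver), report|
    next unless installed.key?(pkg) # not installed: nothing to patch
    report[pkg] = DebVersion.compare(installed[pkg], fixed_ver) >= 0 ? :fixed : :vulnerable
  end
end

# Constructed sample output, not from real hosts.
SAMPLE_NOBLE = <<~OUT
  ruby-rack 2.2.7-1ubuntu0.6
  ruby 1:3.2~ubuntu1
OUT
SAMPLE_TRUSTY = <<~OUT
  ruby-rack 1.5.2-3+deb8u3ubuntu1~esm11
  librack-ruby 1.5.2-3+deb8u3ubuntu1~esm10
OUT

if __FILE__ == $PROGRAM_NAME
  p assess("noble", SAMPLE_NOBLE)
  p assess("trusty", SAMPLE_TRUSTY)
end
```

A `:fixed` result only says the package on disk is new enough; processes that loaded the old library keep running it until they are restarted, which is why the notice asks for a restart of every application using Rack.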
References
- CVE-2026-34835
- CVE-2026-34831
- CVE-2026-34830
- CVE-2026-34829
- CVE-2026-34827
- CVE-2026-34826
- CVE-2026-34786
- CVE-2026-34785
- CVE-2026-34763
- CVE-2026-34230
- CVE-2026-32762
- CVE-2026-26962
- CVE-2026-26961