CVE-2026-22860

HIGH EPSS 42.0%
Published Feb 18, 20264mo ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Feb 18, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
42.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-22 Path Traversal Resource Mgmt
CWE-548

Affected Products 3

VendorProductVersionRange
rackrack* <2.2.22
rackrack*≥3.0.0  –  <3.1.20
rackrack*≥3.2.0  –  <3.2.5

References 2

  • github.com https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
    Patch
  • github.com https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
    ExploitMitigationVendor Advisory

Remediation

  • github.com https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
    Patch